CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login

Summary OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. In the tested release 3000.10.2, guests are correctly blocked from dashboard access, but an still call the KillAction RPC directly and successfully...

GHSA-4FQM-6FMH-82MQ OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login

Summary OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. In the tested release 3000.10.2, guests are correctly blocked from dashboard access, but an still call the KillAction RPC directly and successfully...

PT-2026-22999

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.0 Description OliveTin allows an unauthenticated guest to terminate running actions through the KillAction Remote Procedure Call RPC even when authRequireGuestsToLogin: true is enabled. Guests are blocked fro...