CVE-2026-31817

OliveTin before 3000.11.2 exposes an unsafe file path construction in SaveLogs: the StartAction API’s user-supplied UniqueTrackingId is used in log file paths without validation, enabling directory traversal (e.g., ../../../) to write files to arbitrary filesystem locations. This impacts systems ...