Is CVE-2026-28790 actively exploited?

CVE-2026-28790 has no public evidence of in-the-wild exploitation as of 2026-03-10.

What is the CVSS score for CVE-2026-28790?

CVE-2026-28790 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-28790?

Patch guidance is available from olivetin security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-28790.

Fix CVE-2026-28790 - HIGH olivetin olivetin

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-284 CWE-862 · Missing Authorization CWE-863 · Incorrect Authorization CWE-862 · Missing Authorization

Metadata

Primary Vendor: OLIVETIN
Published: 3/5/2026
Last Modified: 3/10/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

olivetin : olivetin

Remediation Guidance

Executive Summary

Cite this page

CVE-2026-28790. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-28790

View on NIST NVD

CVE-2026-28790 vulnerability