Is CVE-2026-31817 actively exploited?

CVE-2026-31817 has no public evidence of in-the-wild exploitation as of 2026-03-12.

What is the CVSS score for CVE-2026-31817?

CVE-2026-31817 has a CVSS score of 8.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L.

How do I patch CVE-2026-31817?

Patch guidance is available from olivetin security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-31817.

Fix CVE-2026-31817 - HIGH olivetin olivetin

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: none
Integrity: high
Availability: low
Weaknesses: CWE-22 · Path Traversal

Metadata

Primary Vendor: OLIVETIN
Published: 3/10/2026
Last Modified: 3/12/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-31817

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary