top of page
perceptive_background_267k.jpg

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users …

Published:

4 maart 2026 om 23:00:00

Alert date:

5 maart 2026 om 21:02:45

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

CVE-2026-28342 affects OliveTin, a web interface for predefined shell commands. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation through concurrent password hashing requests. Attackers can exploit this by sending multiple parallel requests to exhaust container memory, causing service degradation or complete denial of service. The vulnerability exists due to lack of request throttling, authentication requirements, or resource limits on computationally intensive hashing operations. The issue has been patched in version 3000.10.2.

Technical details

Mitigation steps:

Affected products:

OliveTin

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-28342
https://github.com/OliveTin/OliveTin/commit/2eb5f0ba79d4bbef3c802bf8b4666a7e18dcfd90
https://github.com/OliveTin/OliveTin/releases/tag/3000.10.2
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-pc8g-78pf-4xrp

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page