CVE-2026-28342

EPSS 0.06%
Veröffentlicht 05.03.2026 19:33:44
Zuletzt bearbeitet 06.03.2026 18:16:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacker can exhaust available container memory, leading to service degradation or complete denial of service (DoS). The issue occurs because the endpoint performs computationally and memory-intensive hashing operations without request throttling, authentication requirements, or resource limits. This issue has been patched in version 3000.10.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOliveTin

≫

Produkt OliveTin

Version < 3000.10.2

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.181

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/OliveTin/OliveTin/security/advisories/GHSA-pc8g-78pf-4xrp

https://github.com/OliveTin/OliveTin/commit/2eb5f0ba79d4bbef3c802bf8b4666a7e18dcfd90

https://github.com/OliveTin/OliveTin/releases/tag/3000.10.2

https://nvd.nist.gov/vuln/detail/CVE-2026-28342

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-28342

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-28342

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-28342