Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-31817
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
Source: NVD (National Vulnerability Database)
Vulnerability Description
OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OliveTin 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OliveTin是OliveTin开源的一个Web应用。 OliveTin 3000.11.2之前版本存在路径遍历漏洞,该漏洞源于使用用户提供的UniqueTrackingId字段构造日志文件名时未进行验证或清理,可能导致目录遍历和任意文件写入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
OliveTinOliveTin < 3000.11.2 -
II. Public POCs for CVE-2026-31817
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2026-31817
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: OliveTin
Same vendor: OliveTin
Same weakness: CWE-22
V. Comments for CVE-2026-31817

No comments yet

Leave a comment