LeakyCreds

CVE-2026-30223 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 9, 2026

OliveTin - Authentication Bypass

Published: March 6, 2026 | Updated: March 9, 2026 | Remote Exploitable

Overview

OliveTin < 3000.11.1 contains a broken authentication flaw caused by a lack of audience claim enforcement in JWT tokens, which lets attackers authenticate with tokens intended for different audiences. Exploitation requires JWT authentication to be configured.
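
An added example, not OliveTin's code: a minimal Go HS256 verifier showing why a valid signature without an audience check accepts a token issued for another service, and how enforcing `aud` rejects it. The function names, the secret and the audience strings "billing-api" and "olivetin" are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var enc, dec = base64.RawURLEncoding.EncodeToString, base64.RawURLEncoding.DecodeString

// sign returns the base64url HS256 signature over msg.
func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return enc(m.Sum(nil))
}

// mint stands in for an issuer shared by several services (constructed sample data).
func mint(secret []byte, aud string) string {
	body := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc([]byte(`{"sub":"alice","aud":"`+aud+`"}`))
	return body + "." + sign(secret, body)
}

// verify checks the signature, then the audience when wantAud is non-empty.
// wantAud == "" models the flaw class: any correctly signed token is accepted.
func verify(token string, secret []byte, wantAud string) error {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(secret, p[0]+"."+p[1]))) {
		return fmt.Errorf("malformed token or bad signature")
	}
	var c struct{ Aud string `json:"aud"` }
	raw, err := dec(p[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return fmt.Errorf("unreadable claims")
	}
	if wantAud != "" && c.Aud != wantAud {
		return fmt.Errorf("audience %q not accepted", c.Aud)
	}
	return nil
}

func main() {
	key := []byte("constructed-demo-secret")
	t := mint(key, "billing-api") // token issued for a different service
	fmt.Println("no aud check:", verify(t, key, ""), "| aud enforced:", verify(t, key, "olivetin"))
}
```

The example handles only a string-valued `aud` and omits expiry checks; a token with a missing or array-valued `aud` fails closed when an audience is required.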

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 2.4% (Probability of exploitation in next 30 days)

Impact

Attackers can authenticate using tokens meant for other services, potentially gaining unauthorized access.

Mitigation

Upgrade to version 3000.11.1 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 7, 2026

🟠 CVE-2026-30223 - High (8.8) OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30223/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-30223
Severity: High
CVSS Score: 8.8
Type: broken_authentication
Status: unconfirmed
EPSS: 2.4%
Social Posts: 1

CWE

  • CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.4% (Probability of exploitation in the next 30 days)