PatchSiren cyber security CVE debrief
CVE-2026-48708 OliveTin CVE debrief
CVE-2026-48708 is a high-severity vulnerability in OliveTin, a tool providing access to predefined shell commands via a web interface. Versions 3000.0.0 and prior are affected by a race condition in the template engine, which uses a single shared text/template.Template instance across all goroutines. This leads to cross-user command contamination, Go runtime panic, and incorrect command execution when multiple actions execute concurrently. The issue has been resolved in version 3000.13.0.
- Vendor
- OliveTin
- Product
- Unknown
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-16
Who should care
Users of OliveTin versions 3000.0.0 and prior should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The template engine in OliveTin uses a single shared text/template.Template instance across all goroutines. When multiple actions execute concurrently, a race condition occurs, leading to cross-user command contamination, Go runtime panic, and incorrect command execution.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to OliveTin version 3000.13.0 or later.
- Review and update any existing deployments to ensure they are using the patched version.
Evidence notes
The CVE-2026-48708 record and associated details can be found at [cve-org]. Additional information is available at [nvd].
Official resources
CVE-2026-48708 was published on 2026-06-15T21:17:15.570Z and has not been modified.