CVE-2026-30224 - OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

CVE ID :CVE-2026-30224 Published : March 6, 2026, 9:16 p.m. | 1 hour, 59 minutes ago Description :OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year). An attacker with a previously stolen or captured session cookie can continue authenticating after logout, resulting in a post-logout authentication bypass. This is a session management flaw that violates expected logout semantics. This issue has been patched in version 3000.11.1. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...