CVE-2026-44961

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

CWE	CWE-287
Vendor	revive
Product	adserver
Published	Jun 23, 2026
Last Updated	Jun 23, 2026

Stay Ahead of the Next One

Get instant alerts for revive adserver

Be the first to know when new unknown vulnerabilities affecting revive adserver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Affected Versions

Revive / Adserver

0 ≤ 6.0.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hackerone.com: https://hackerone.com/reports/3680090

Credits

🔍 barcrange (3l4)