🔐 CVE Alert

CVE-2026-50739

MEDIUM 4.3
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships.

CWE CWE-284
Vendor revive
Product adserver
Published Jun 26, 2026
Stay Ahead of the Next One

Get instant alerts for revive adserver

Be the first to know when new medium vulnerabilities affecting revive adserver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Versions

Revive / Adserver
0 ≤ 6.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗
hackerone.com: https://hackerone.com/reports/3780709

Credits

hakuopi sy2no garuthacktvist aszh