Skip to main content

Revive Adserver CVE-2026-34917

| EUVDEUVD-2026-38509 MEDIUM
Improper Authentication (CWE-287)
2026-06-23 hackerone GHSA-hmrw-59p6-9fgx
4.3
CVSS 3.0 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
5.4 MEDIUM

Low-privileged network attacker reuses web session against admin API; admin API access implies both read and limited write capability, warranting I:L over the original I:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 23, 2026 - 17:09 vuln.today

DescriptionCVE.org

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context (web/API) is now recorded along with other session data, preventing session IDs from being used interchangeably.

AnalysisAI

Session context confusion in Revive Adserver allows a low-privileged web admin console user to reuse their session ID against the XML-RPC API, which is normally restricted to admin-level users. This authentication bypass (CWE-287) grants unauthorized API access, enabling the attacker to chain this foothold with additional API-level vulnerabilities to escalate impact beyond the base CVSS score suggests. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to web admin console with low-privileged account
Delivery
Extract active web console session ID
Exploit
Craft XML-RPC API request with stolen session ID
Execution
API authentication bypass accepted
Persist
Invoke privileged API methods as admin
Impact
Exploit API-level vulnerabilities for further impact

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid, active low-privileged account on the Revive Adserver web admin console - unauthenticated exploitation is not possible (CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.0 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) reflects a moderate, network-exploitable flaw requiring only low-level authentication with no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker authenticates to the Revive Adserver web admin console with a low-privileged account and extracts their active session ID from the browser. They then craft an XML-RPC API request, substituting the web console session ID in place of valid admin credentials. …
Remediation Upgrade to a patched version of Revive Adserver in which the session context (web console vs. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-26756 HIGH POC
7.5 Apr 14

The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vuln

CVE-2026-50741 HIGH
8.8 Jun 26

Remote code execution in Revive Adserver is reachable by authenticated low-privilege users who bypass the prior fix for

CVE-2026-44959 HIGH
8.8 Jun 23

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to smuggle an unexpec

CVE-2026-34914 HIGH
8.3 Jun 23

Blind SQL injection in Revive Adserver 6.0.6 and earlier allows authenticated low-privileged users to inject arbitrary S

CVE-2026-50745 MEDIUM
6.1 Jun 26

Reflected cross-site scripting in Revive Adserver's stats-video.php script allows remote attackers to inject arbitrary J

CVE-2026-34915 MEDIUM
6.1 Jun 23

Blind SQL injection in Revive Adserver 6.0.6 and earlier allows a low-privileged authenticated user to exfiltrate databa

CVE-2026-50740 MEDIUM
5.4 Jun 26

Reflected XSS in Revive Adserver 6.0.7 and earlier allows a low-privileged user to inject unsanitized JavaScript via the

CVE-2026-50742 MEDIUM
5.4 Jun 26

Stored cross-site scripting in Revive Adserver 6.0.7 allows an authenticated low-privilege attacker to inject persistent

CVE-2026-44958 MEDIUM
5.4 Jun 23

Privilege escalation within Revive Adserver 6.0.6 and earlier allows authenticated advertiser-level users to activate or

CVE-2026-50744 MEDIUM
4.3 Jun 26

Session fixation via failed authentication in Revive Adserver 6.0.7's XML-RPC API allows a low-privileged attacker to by

CVE-2026-50739 MEDIUM
4.3 Jun 26

Ownership validation bypass in Revive Adserver 6.0.7 and earlier allows a low-privileged authenticated user to link thei

CVE-2026-34913 MEDIUM
4.3 Jun 23

Improper access control in Revive Adserver 6.0.6 and earlier allows an authenticated low-privileged user to link their o

Share

CVE-2026-34917 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy