Description
An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status field has been removed from the hidden form fields in the banner edit screen.
Published: 2026-06-23
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic access control flaw that lets a user with only advertiser‑level privileges change the status of a banner, turning it on or off, despite lacking the required permission. The banner-edit.php script applied whatever status value the form submitted whenever the user held banner edit permission, with no separate check on whether that user may change status; because the value travelled in a hidden form field, which the client controls, it could be altered freely. The weakness lies in missing or improperly validated authorization checks, as identified by CWE‑284.
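As an added illustration, not Revive Adserver's own code, the pre-fix pattern the description outlines beside a hardened handler that gates the status field on its own permission; the permission names, the Banner and User shapes and the form dictionary are assumptions made for this example:

```python
from dataclasses import dataclass

# Permission and status names are assumptions for this illustration,
# not identifiers from Revive Adserver itself.
EDIT_BANNER = "edit_banner"
CHANGE_BANNER_STATUS = "change_banner_status"
ACTIVE, INACTIVE = "active", "inactive"

@dataclass
class Banner:
    name: str
    status: str

@dataclass(frozen=True)
class User:
    permissions: frozenset

class Forbidden(Exception):
    """Raised when the caller lacks the permission a request requires."""

def update_banner_vulnerable(user: User, banner: Banner, form: dict) -> Banner:
    """Pre-fix pattern: edit permission alone gates every submitted field, so the
    hidden 'status' field, which the client can rewrite, is applied unchecked."""
    if EDIT_BANNER not in user.permissions:
        raise Forbidden("banner edit not permitted")
    banner.name = form.get("name", banner.name)
    banner.status = form.get("status", banner.status)  # trusts the hidden field
    return banner

def update_banner_fixed(user: User, banner: Banner, form: dict) -> Banner:
    """Hardened pattern: a submitted status that differs from the stored one is
    honoured only with the separate status permission and refused otherwise,
    which also makes tampering attempts visible in the application log."""
    if EDIT_BANNER not in user.permissions:
        raise Forbidden("banner edit not permitted")
    banner.name = form.get("name", banner.name)
    if "status" in form and form["status"] != banner.status:
        if CHANGE_BANNER_STATUS not in user.permissions:
            raise Forbidden("banner status change not permitted")
        banner.status = form["status"]
    return banner

def resulting_status(handler, user: User, form: dict) -> str:
    """Run a handler on a fresh inactive banner (constructed sample data); return
    the final status, or 'forbidden' when the handler refuses the request."""
    banner = Banner(name="spring campaign", status=INACTIVE)
    try:
        return handler(user, banner, form).status
    except Forbidden:
        return "forbidden"
```

Refusing the request rather than silently dropping the field yields a log entry worth alerting on, since a legitimate form rendered after the fix never submits a status field at all.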

Affected Systems

Revive Adserver versions 6.0.6 and all earlier releases are affected. The issue is specific to the banner editing functionality exposed by the vendor’s web interface.

Risk and Exploitability

The CVSS assessment assigns a score of 5.4, indicating a moderate impact that could be leveraged by a legitimate advertiser to alter campaign delivery without proper approval. No EPSS value is available, and the vulnerability is not listed in CISA’s KEV catalogue. Based on the description, the likely attack vector is remote over the web interface, requiring only authenticated use of the advertiser account and no exploitation of external services.

Generated by OpenCVE AI on June 24, 2026 at 01:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify which Revive Adserver version is installed; currently no official fix is documented.
  • Modify advertiser permissions to remove banner‑edit rights or ensure that status changes are not allowed via the web interface.
  • Implement custom access‑control checks or contact the vendor for an official patch when it becomes available.



Advisories

No advisories yet.

History

Wed, 24 Jun 2026 01:30:00 +0000
  Title: Access Control Bypass in Revive Adserver Banner Status Update

Tue, 23 Jun 2026 23:30:00 +0000
  Title: Banner Status Bypass in Revive Adserver

Tue, 23 Jun 2026 20:30:00 +0000
  First Time appeared: Revive; Revive adserver
  Vendors & Products: Revive; Revive adserver

Tue, 23 Jun 2026 20:15:00 +0000
  Title: Banner Status Bypass in Revive Adserver

Tue, 23 Jun 2026 18:30:00 +0000
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 16:45:00 +0000
  Description: An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status field has been removed from the hidden form fields in the banner edit screen.
  Weaknesses: CWE-284
  References:
  Metrics (cvssV3_0): {'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:30:59.414Z

Reserved: 2026-05-08T15:00:02.447Z

Link: CVE-2026-44958

Vulnrichment

Updated: 2026-06-23T17:27:32.906Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T01:15:05Z

Weaknesses