Description
An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status field has been removed from the hidden form fields in the banner edit screen.
Published: 2026-06-23
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic access control advertiser‑level privileges to change the status of a banner, turning it on or off, despite lacking the required permissions. The banner‑edit.php’s status based solely on edit permissions and ignores whether the status field is hidden in the form, making the status field insufficient for preventing unauthorized changes. The weakness lies in missing or improperly validated authorization checks, as identified by CWE‑284.

Affected Systems

Revive Adserver versions 6.0.6 and all earlier releases are affected. The issue is editing functionality exposed by the vendor’s web interface.

Risk and Exploitability

The CVSS assessment assigns a score of 5.4, indicating a moderate impact that could be leveraged by a legitimate advertiser to alter campaign delivery without proper approval. No EPSS value is available, and the vulnerability is not listed in the CISA KEV catalogue. Based on the description, the likely attack vector is remote over the web interface, requiring only authenticated use of the advertiser account and no exploitation of external services.

Generated by OpenCVE AI on June 24, 2026 at 11:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Modify advertiser permissions to remove banner‑edit rights or ensure that status changes are not allowed via the web interface.
  • Implement custom access‑control checks or contact the vendor for an official patch when it becomes available.
  • Configure the server or application to block or ignore outbound status change requests from users without explicit status edit rights, effectively disabling the toggle until a vendor patch is applied.

Generated by OpenCVE AI on June 24, 2026 at 11:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Wed, 24 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Advertiser-Level Access Control Bypass in Revive Adserver Banner Editing

Wed, 24 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Title Advertiser-Level Access Control Bypass in Revive Adserver Banner Editing

Wed, 24 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Access Control Bypass in Revive Adserver Banner Status Update

Wed, 24 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Access Control Bypass in Revive Adserver Banner Status Update

Tue, 23 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Banner Status Bypass in Revive Adserver

Tue, 23 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Revive
Revive adserver
Vendors & Products Revive
Revive adserver

Tue, 23 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title Banner Status Bypass in Revive Adserver

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status field has been removed from the hidden form fields in the banner edit screen.
Weaknesses CWE-284
References
Metrics cvssV3_0

{'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:30:59.414Z

Reserved: 2026-05-08T15:00:02.447Z

Link: CVE-2026-44958

cve-icon Vulnrichment

Updated: 2026-06-23T17:27:32.906Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T12:00:05Z

Weaknesses