Description
A bypass for CVE‑2026‑34913 exists because the proper ownership validation had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships.
Published: 2026-06-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a bypass of ownership validation in the Revive Adserver tracker-campaign linking script. It allows a low‑privileged user to link trackers to campaigns owned by other managers, resulting in inconsistent ownership records. The flaw is an improper access control weakness (CWE‑284). It lets an attacker associate data across managerial boundaries without authorization, potentially leading to data integrity concerns and unauthorized management of tracking information.

Affected Systems

Affected systems are Revive Adserver installations running version 6.0.7 or any prior release.

Risk and Exploitability

The CVSS score of 4.3 indicates low to moderate severity. The current exploitation probability is not quantified, but the bug could be targeted by attackers seeking to re‑associate trackers with campaigns across managerial boundaries. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to authenticate as a low‑privileged user and submit a crafted request to `tracker-campaigns.php`. The attack requires no special code execution or elevated privileges beyond the normal user level, but the impact is misattribution of tracking data.

Generated by OpenCVE AI on June 26, 2026 at 02:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Revive Adserver to the latest version that removes the ownership validation bug.
  • Configure role‑based access control so that only manager‑level users can link trackers to campaigns.
  • Review existing ownership data for inconsistencies and re‑associate trackers to correct owners where necessary.

Advisories

No advisories yet.

References
History

Fri, 26 Jun 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 26 Jun 2026 06:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Revive; Revive adserver |
| Vendors & Products | | Revive; Revive adserver |

Fri, 26 Jun 2026 03:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Authorization Bypass in Revive Adserver Tracker‑Campaign Linking |

Fri, 26 Jun 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. |
| Weaknesses | | CWE-284 |
| References | | |
| Metrics | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-26T12:28:29.684Z

Reserved: 2026-06-06T15:00:09.779Z

Link: CVE-2026-50739

Vulnrichment

Updated: 2026-06-26T12:28:25.610Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T06:30:17Z

Weaknesses