CVE-2026-44957

NONE EPSS 12.8%
Published Jun 23, 20261w ago · Modified Jun 23, 20261w ago
Find Similar
Published Jun 23, 2026 1w ago
Last Modified Jun 23, 2026 1w ago

Description

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with CVE‑2026‑34917 or with third‑party API extensions that expose API functionality to low‑privileged users. Access control checks have been added to validate access to parent entities in the API modify methods.

Threat Intelligence

EPSS Exploit Probability
12.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-284

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.