CVE-2026-44957
NONE EPSS 12.8%
Published Jun 23, 20261w ago · Modified Jun 23, 20261w ago
Published Jun 23, 2026 1w ago
Last Modified Jun 23, 2026 1w ago
Description
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with CVE‑2026‑34917 or with third‑party API extensions that expose API functionality to low‑privileged users. Access control checks have been added to validate access to parent entities in the API modify methods.
Threat Intelligence
EPSS Exploit Probability
12.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-284
References 1
- hackerone.com https://hackerone.com/reports/3677576
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.