ByteOS Network

CVE Vulnerability Details :

CVE-2026-44957

PUBLISHED

More Info Official Page

Assigner-hackerone

Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1

Published At-23 Jun, 2026 | 16:14

Updated At-23 Jun, 2026 | 17:40

▼CVE Numbering Authority (CNA)

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with CVE‑2026‑34917 or with third‑party API extensions that expose API functionality to low‑privileged users. Access control checks have been added to validate access to parent entities in the API modify methods.

Affected Products

Vendor

Revive

Product

Adserver

Default Status

unaffected

Versions

Affected

From 0 through 6.0.6 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-284	CWE-284 Improper Access Control - Generic

Type: CWE

CWE ID: CWE-284

Description: CWE-284 Improper Access Control - Generic

Metrics

Version	Base score	Base severity	Vector
3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Credits

reporter

barcrange (3l4)

References

Hyperlink	Resource
https://hackerone.com/reports/3677576	N/A

Hyperlink: https://hackerone.com/reports/3677576

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References