PT-2026-52647 · Unknown · Revive Adserver
Aszh
+3
·
Published
2026-06-26
·
Updated
2026-06-26
·
CVE-2026-50739
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Revive Adserver versions prior to 6.0.8
Description
An ownership validation bypass exists in the reverse operation of linking campaigns and trackers via the
tracker-campaigns.php script. This flaw allows a low-privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership relationships.Recommendations
Update to version 6.0.8 or later.
Restrict access to the
tracker-campaigns.php script to authorized administrators until the update is applied.Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Revive Adserver