PT-2026-52649 · Revive · Andserver

Mikhail Ilin

Published

2026-06-26

Updated

2026-06-26

CVE-2026-50741

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-50741

Affected Products

Andserver

PT-2026-52649 · Revive · Andserver

CVE-2026-50741

Weakness Enumeration

Related Identifiers

Affected Products

References · 3