CVE-2026-50739 - Revive Adserver Tracker-Campaign Linking Authorization Bypass
CVE ID :CVE-2026-50739
Published : June 26, 2026, 1:11 a.m. | 3 hours, 30 minutes ago
Description :A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 26, 2026, 1:11 a.m. | 3 hours, 30 minutes ago
Description :A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...