CVE-2026-50741

Published Jun 26, 2026

Last updated 5 days ago

Overview

Description
Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-RPC API method.
Source
support@hackerone.com
NVD status
Analyzed
Products
revive_adserver

Risk scores

CVSS 3.0

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

support@hackerone.com
CWE-94

Social media

Hype score
Not currently trending

Configurations