CVE Catalog

CVE-2026-34916

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low-privileged user to inject malicious PHP code into the compiledlimitations field on the database, resulting in its execution during banner delivery.

Risk Assessment

The organization may be exposed to the execution of malicious code, potentially leading to system compromise and data leakage.

Recommendation

It is recommended to upgrade to the latest version of Revive Adserver, where input sanitization and parameter validation have been improved.

Original NVD description (English source)

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Input sanitisation has been improved to ensure that the parameter is properly validated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS