CVE Catalog

CVE-2026-50741

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile — higher than 24% of all known CVEs

Summary

CVE-2026-50741 bypasses the fix for CVE-2026-34916. Attackers can bypass the security patch by sending a disallowed but valid plugin identifier as type or by using the `ox.setChannelTargeting` XML-RPC API method.

Risk Assessment

The risk involves bypassing an existing security patch, potentially leading to unauthorized access or manipulation of channel targeting settings in the system.

Recommendation

It is recommended to immediately apply the latest security patch from the vendor and verify that the `ox.setChannelTargeting` method is properly protected against unauthorized use.

Original NVD description (English source)

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-RPC API method.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS