CVE-2026-50741

Summary

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method.

Affected Software

VendorProductVersion RangeStatus
ReviveAdserver0 <= 6.0.7affected

Weaknesses

  • CWE-94: CWE-94 Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References