What is CVE-2026-34917?

CVE-2026-34917 is a medium-severity vulnerability in Revive Adserver, classified under Improper Authentication. CVSS score: 4.3/10. Published 2026-06-23.

How severe is CVE-2026-34917?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Auth bypass in Revive Adserver

CVE-2026-34917

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑leve…

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Revive Adserver — versions 0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

support@hackerone.com

Frequently asked questions

What is CVE-2026-34917?: CVE-2026-34917 is a medium-severity vulnerability in Revive Adserver, classified under Improper Authentication. CVSS score: 4.3/10. Published 2026-06-23.
How severe is CVE-2026-34917?: Medium severity. CVSS v3 base score is 4.3 out of 10.