SQL Injection Vulnerability in Revive Adserver by Revive Adserver Team
CVE-2026-34914

8.3 HIGH

Key Information:

Vendor: Revive

Status
Vendor
CVE Published: 23 June 2026

What is CVE-2026-34914?

Revive Adserver versions 6.0.6 and earlier contain a SQL injection vulnerability in how the zone-include.php script handles the clientid parameter. Because the input is insufficiently sanitized, low-privileged users can carry out blind SQL injection attacks. The vendor has addressed the issue by strengthening validation of the parameters processed within the script, which prevents unauthorized database queries.

Affected Version(s)

Adserver: versions 0 through 6.0.6

CVSS V3.0

Score: 8.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kaushalendra Dubey (titanrain)