Session ID Reuse Vulnerability in Web Admin Console of Affected Product by Vendor
CVE-2026-34917

4.3MEDIUM

Key Information:

Vendor: Revive
Status: Adserver
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-34917?

A session ID reuse vulnerability exists in the web admin console of the affected product, allowing low-privileged session IDs to be exploited via the XML-RPC API. This API typically restricts access to admin users; however, an unauthorized attacker may leverage these session IDs to gain access to sensitive API functionalities. The updated session context records now prevent the interchangeability of session IDs between web and API sessions, enhancing security measures.

Affected Version(s)

Adserver 0 <= 6.0.6

References

https://hackerone.com/reports/3672641

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

0x4c616e

CVE-2026-34917 Data

JSON