CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-21640

HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.1%

CVSS Severity

CVSS v3 Score 2.7

References

https://hackerone.com/reports/3445332

Products affected by CVE-2026-21640

Aquaplatform » Revive Adserver » Version: Any

cpe:2.3:a:aquaplatform:revive_adserver:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21640

Products

Pricing

Contact Us