CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-21641

HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.4%

CVSS Severity

CVSS v3 Score 7.1

References

https://hackerone.com/reports/3445710

Products affected by CVE-2026-21641

Aquaplatform » Revive Adserver » Version: Any

cpe:2.3:a:aquaplatform:revive_adserver:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21641

Products

Pricing

Contact Us