CVE-2026-21640
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-30
Assigner: HackerOne
Description
Description
HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aquaplatform | revive_adserver | From 6.0.0 (inc) to 6.0.4 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a format string injection in the Revive Adserver settings. When certain character combinations are entered into a setting, it can cause a fatal PHP error that disables the admin user console.
How can this vulnerability impact me? :
The vulnerability can impact you by disabling the admin user console of the Revive Adserver, potentially preventing administrative access and management of the ad server.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70