Security Advisory

CVE-2026-21641

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-20 20:48:47

Last updated 2026-01-21 18:52:48

Assigner hackerone

State PUBLISHED

Description

HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts.

← Browse all CVEs View on cve.org ↗