{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21640", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-01T15:00:02.339Z", "datePublished": "2026-01-20T20:48:47.940Z", "dateUpdated": "2026-01-21T18:52:43.635Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Revive", "product": "Revive Adserver", "versions": [{"version": "6", "status": "affected", "lessThanOrEqual": "6.0.4", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/3445332"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.7, "baseSeverity": "LOW"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-20T20:48:47.940Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-134", "lang": "en", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T18:32:40.483218Z", "id": "CVE-2026-21640", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T18:52:43.635Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T18:32:40.483218Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T18:35:26.346Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "Revive", "product": "Revive Adserver", "versions": [{"status": "affected", "version": "6", "versionType": "semver", "lessThanOrEqual": "6.0.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/3445332"}], "descriptions": [{"lang": "en", "value": "HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-20T20:48:47.940Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21640", "state": "PUBLISHED", "dateUpdated": "2026-01-21T18:52:43.635Z", "dateReserved": "2026-01-01T15:00:02.339Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-01-20T20:48:47.940Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA08D1C-3638-4E0D-AC58-A8527E77536F", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error."}], "id": "CVE-2026-21640", "lastModified": "2026-01-30T20:17:33.390", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "support@hackerone.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-20T21:16:06.063", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/3445332"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T15:44:56.258401+00:00", "value": {"mitigation_remediation": ["Contact Revive Adserver support for an official patch or further guidance", "Validate and sanitize user input in configuration settings to reject format string patterns before storing or using them", "Restrict administrative access to configuration pages to trusted personnel and enforce principle of least privilege"], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Revive Adserver is affected; no specific version information is available, so any installation that uses the current settings interface should be treated as potentially vulnerable.", "description_and_impact": "The vulnerability is a format string injection in configuration settings of Revive Adserver. When an attacker supplies certain character combinations, the PHP process throws a fatal error, causing the admin console to become unusable. This weakness corresponds to CWE\u2011134, which can lead to a loss of functionality for privileged users. The consequence is a denial of service to administrators, preventing configuration changes and potentially interrupting ad delivery schedules.", "risk_and_exploitability": "The CVSS score of 2.7 indicates moderate severity, but the low EPSS score (<1%) and absence from the KEV catalog suggest a low likelihood of exploitation in the near term. The likely attack vector is through authenticated access to the admin interface, where an attacker can modify settings. The vulnerability requires administrator privileges to inject the format string; unauthenticated users cannot trigger the error. Because the impact is limited to a denial of service for administrators, the overall risk is considered low to moderate."}}}}, "created": "2026-01-21T11:18:53.460708+00:00", "title": "Format String Injection in Revive Adserver Settings Causing Admin Console Crash", "updated": "2026-04-18T15:45:04.276549+00:00", "vendors": ["revive", "revive$PRODUCT$adserver"]}