CVE Catalog

CVE-2026-25855

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.34%

57th percentile - higher than 57% of all known CVEs

Summary

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, leading to the execution of scripts on the server.

Risk Assessment

This vulnerability poses a serious risk to organizations, allowing attackers to execute arbitrary commands on the host as the process user. This could lead to system takeover and data leakage.

Recommendation

It is recommended to update OpenBullet2 to the latest version to mitigate this vulnerability. Additionally, access to the proxy loading feature should be restricted to trusted users.

Original NVD description (English source)

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, causing the server to execute the scripts and return output as proxy lines, resulting in arbitrary command execution on the host as the process user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS