CVE Catalog

CVE-2026-25856

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

50th percentile - higher than 50% of all known CVEs

Summary

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions.

Risk Assessment

This vulnerability could lead to serious security breaches, allowing attackers to access the file system and spawn processes as the process user. This may result in data theft or server takeover.

Recommendation

It is recommended to update OpenBullet2 to the latest version to mitigate this vulnerability. Additionally, access to job configurations should be restricted to trusted users.

Original NVD description (English source)

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS