CVE-2026-39908
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk23th percentile - higher than 23% of all known CVEs
Summary
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server.
Risk Assessment
This vulnerability poses a risk of credential theft, potentially leading to unauthorized access to organizational systems and data.
Recommendation
It is recommended to update OpenBullet2 to the latest version and to avoid configuring proxy sources using UNC paths pointing to external servers.
Original NVD description (English source)
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash, which can then be relayed or cracked offline.

