CVE-2026-25856
Received Received - Intake
Authenticated Remote Code Execution in OpenBullet2

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulnCheck

Description
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-25856
EUVD
EUVD-2026-35135
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openbullet2 openbullet2 to 0.3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in OpenBullet2 allows authenticated users to execute arbitrary code on the server, potentially leading to unauthorized access to sensitive data and system resources.

Such unauthorized access and control could result in violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive information.

Exploitation of this vulnerability could compromise confidentiality, integrity, and availability of data, thereby impacting compliance with these standards.

Executive Summary

CVE-2026-25856 is an authenticated remote code execution vulnerability in OpenBullet2 versions up to 0.3.2. It allows authenticated users to execute arbitrary C# code on the server by creating or modifying job configurations.

The vulnerability exists because the plain C# execution mode does not have proper reference filtering or API restrictions, which enables attackers to access the file system, spawn processes, and invoke arbitrary .NET APIs with the privileges of the running process.

Impact Analysis

This vulnerability can have a significant impact as it allows an authenticated attacker to execute arbitrary code on the server hosting OpenBullet2.

  • Attackers can access and manipulate the file system.
  • They can spawn new processes on the server.
  • They can invoke any .NET APIs available to the process user, potentially leading to full system compromise.

Because the attacker operates with the privileges of the running process, the impact can be severe, including data theft, service disruption, or further network compromise.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade OpenBullet2 to a version later than 0.3.2 where this issue is fixed.

Since the vulnerability allows authenticated users to execute arbitrary C# code via job configurations, restricting access to trusted users and limiting permissions of the OpenBullet2 process can reduce risk.

Avoid using the plain C# execution mode or apply additional controls to restrict code execution if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25856. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart