Description
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application runs as root by default.
Published: 2026-06-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenBullet2 version 0.3.2 is vulnerable to a path traversal flaw in the wordlist endpoint. The flaw allows an authenticated user to supply unsanitized absolute paths to the upload handler and wordlist functions, enabling arbitrary file read, write, and delete operations. Because the application runs as root by default, an attacker can chain file write and delete primitives to overwrite critical system files such as /etc/passwd, thereby achieving remote code execution with full system compromise.

Affected Systems

The vulnerable software is OpenBullet2 provided by the openbullet organization, specifically versions up to and including 0.3.2. Any deployment of this version that accepts authenticated requests to the wordlist endpoint is impacted.

Risk and Exploitability

The CVSS score of 8.7 reflects a high severity vulnerability with potential for full system compromise. The EPSS score is not available, so the current exploitation probability is uncertain, though the lack of a KEV listing suggests no documented exploitation yet. However, attackers only need to be authenticated, a condition that many users satisfy, and because path traversal can target any file on the host, the likelihood of successful exploitation is significant. The attack vector likely involves sending crafted absolute path inputs to the wordlist endpoint. Prompt remediation is essential.

Generated by OpenCVE AI on June 8, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenBullet2 to a version that does not contain the path traversal flaw (e.g., any release newer than 0.3.2).
  • Run the OpenBullet2 application under a non-root user or restrict its privileges to the minimum required for operation.
  • Enforce strict input validation on the wordlist endpoint to reject absolute paths and limit file operations to whitelisted directories, and configure filesystem permissions to prevent unwarranted writes or deletions.
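The containment check the last bullet describes, written out as an added example (this is not OpenBullet2's own code, which is C#; the directory layout, the `lists/combo.txt` file and the `/etc` symlink are constructed fixtures for the demonstration). The weak pattern is shown beside the hardened one: `os.path.join` silently drops the base directory when the caller-supplied path is absolute, which is exactly the shape of the flaw in the description, while the hardened version rejects absolute paths and anything that resolves outside the wordlist directory, including symlink escapes.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath


def naive_wordlist_path(base_dir: str, user_path: str) -> str:
    """The weak pattern: os.path.join discards base_dir entirely when
    user_path is absolute, so a request naming '/etc/passwd' is mapped
    straight onto /etc/passwd instead of a file under base_dir."""
    return os.path.join(base_dir, user_path)


def safe_wordlist_path(base_dir: str, user_path: str) -> Path:
    """Hardened resolution: reject absolute paths (POSIX and Windows forms),
    NUL bytes, and anything that lands outside base_dir once '..' segments
    and symlinks have been resolved. Raises ValueError on rejection."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or NUL byte")
    if os.path.isabs(user_path) or PureWindowsPath(user_path).is_absolute():
        raise ValueError("absolute paths are not allowed")
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()   # follows symlinks, collapses '..'
    try:
        candidate.relative_to(base)            # ValueError if outside base
    except ValueError:
        raise ValueError("path escapes the wordlist directory") from None
    return candidate


def is_allowed(base_dir: str, user_path: str) -> bool:
    """True when the hardened check accepts user_path for base_dir."""
    try:
        safe_wordlist_path(base_dir, user_path)
        return True
    except ValueError:
        return False


def read_wordlist(base_dir: str, user_path: str) -> str:
    """Every file primitive (read here; write and delete would take the same
    shape) goes through the check first, so it can only touch base_dir."""
    return safe_wordlist_path(base_dir, user_path).read_text()


def build_demo_base() -> str:
    """Constructed fixture: a throwaway wordlist directory with one legitimate
    list and a symlink that points outside the directory (to /etc)."""
    base = tempfile.mkdtemp(prefix="ob2-wordlists-")
    os.makedirs(os.path.join(base, "lists"))
    with open(os.path.join(base, "lists", "combo.txt"), "w") as fh:
        fh.write("user:pass\n")
    try:
        os.symlink("/etc", os.path.join(base, "link"))
    except OSError:
        pass  # symlinks unavailable on this host; the other cases still apply
    return base


def has_symlink_escape(base_dir: str) -> bool:
    """Whether the fixture's outward-pointing symlink could be created."""
    return os.path.islink(os.path.join(base_dir, "link"))


if __name__ == "__main__":
    base = build_demo_base()
    samples = ["lists/combo.txt", "/etc/passwd", "../../../etc/passwd",
               "lists/../../escape", "link/passwd", "C:\\Windows\\win.ini"]
    for s in samples:
        verdict = "allowed" if is_allowed(base, s) else "rejected"
        print(f"{s!r:28} naive -> {naive_wordlist_path(base, s)!r:48} safe -> {verdict}")
```

Resolving before comparing is the important part: a prefix check on the raw string would pass `lists/../../escape` and a symlink inside the directory, whereas `relative_to` on the resolved path catches both. Running the application as a non-root user, as the previous bullet recommends, limits what even a missed case can reach.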

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Openbullet; Openbullet openbullet2
Vendors & Products    (none)           Openbullet; Openbullet openbullet2

Mon, 08 Jun 2026 17:00:00 +0000

Type          Values Removed   Values Added
Description   (none)           OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application runs as root by default.
Title         (none)           OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint
Weaknesses    (none)           CWE-22
References    (none)           (none)
Metrics       (none)           cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                               cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-09T14:35:23.849Z

Reserved: 2026-02-02T20:12:33.396Z

Link: CVE-2026-25559

Vulnrichment

Updated: 2026-06-09T14:32:52.502Z

NVD

Status : Deferred

Published: 2026-06-08T17:16:41.237

Modified: 2026-06-09T13:51:18.770

Link: CVE-2026-25559

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T08:56:47Z

Weaknesses