Description
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user.
Published: 2026-06-08
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenBullet2 up to version 0.3.2 contains an authenticated remote code execution flaw. By creating or editing job configurations, a legitimate user can run arbitrary C# code on the server. The C# execution environment has no reference filtering or API restrictions, enabling file system access, process creation, and arbitrary .NET API calls under the host process account. This vulnerability allows full compromise of the machine running the service.

Affected Systems

The affected product is OpenBullet2 (openbullet2), version 0.3.2 and earlier. Only authenticated users of the system can exploit the flaw, as the job configuration interface requires login credentials to create or modify jobs.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires valid credentials and access to the job configuration interface; an attacker with both can then execute arbitrary C# code, read or modify files, and spawn processes on the server host.

Generated by OpenCVE AI on June 8, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenBullet2 to a patched release that eliminates the ability to execute arbitrary C# code via job configuration.
  • If an immediate upgrade is not possible, limit the job configuration interface to a minimum set of trusted users and ensure only authorized accounts can create or modify jobs.
  • Disable the plain C# execution mode or enforce reference filtering for job configurations to prevent unrestricted code execution.



Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 17:00:00 +0000

Type | Values Removed | Values Added
Description | | OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user.
Title | | OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}



MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-08T18:48:33.862Z

Reserved: 2026-02-06T19:12:03.462Z

Link: CVE-2026-25856

Vulnrichment

Updated: 2026-06-08T18:48:12.326Z

NVD

Status: Received

Published: 2026-06-08T17:16:41.523

Modified: 2026-06-08T17:16:41.523

Link: CVE-2026-25856

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T18:30:16Z
