CVE-2026-25855
Description
OpenBullet2 0.3.2 allows authenticated users to achieve RCE by uploading malicious script files via the FileProxySource feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenBullet2 versions through 0.3.2 are vulnerable to remote code execution. This vulnerability exists within the FileProxySource proxy loading feature, which allows authenticated users to upload script files (e.g., .bat, .ps1, .sh). [1]
Exploitation
An attacker must first be authenticated to the OpenBullet2 instance. They can then exploit this vulnerability by uploading a malicious script file disguised as a proxy source. The server will execute this script, and its output will be returned as proxy lines, leading to command execution. [1]
Impact
Successful exploitation allows an attacker to execute arbitrary commands on the host system with the privileges of the OpenBullet2 process user. This can lead to a full compromise of the server. [1]
Mitigation
The vulnerability in OpenBullet2 0.3.2 has been patched. Users should update to a version later than 0.3.2. No workarounds are specified in the available references. [1]
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=0.3.2
Patches
No patches discovered yet.
References (2)
News mentions
No linked articles in our index yet.