CVE-2026-25856
Description
OpenBullet2 versions prior to 0.3.2 allow authenticated users to execute arbitrary C# code via job configurations, leading to RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability. This flaw allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. The vulnerability is present due to the plain C# execution mode lacking reference filtering or API restrictions [1].
Exploitation
An attacker with authenticated access to OpenBullet2 can exploit this vulnerability by creating or modifying job configurations. By leveraging the plain C# execution mode, an attacker can craft malicious C# code to be executed on the server [1].
Impact
Successful exploitation allows an attacker to execute arbitrary C# code on the server host as the process user. This can lead to unauthorized access to the file system, the ability to spawn processes, and the invocation of arbitrary .NET APIs, resulting in a full compromise of the server's capabilities within the context of the running process [1].
Mitigation
OpenBullet2 versions 0.3.2 and later are considered fixed. Users are advised to upgrade to a patched version as soon as possible. No specific release date for the patch was provided in the available references [1].
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=0.3.2
Patches
No patches discovered yet.
References (2)