{"id":"CVE-2026-25856","summary":"OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface","details":"OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user.","modified":"2026-07-16T03:30:49.848844907Z","published":"2026-06-08T16:50:42.870Z","database_specific":{"cwe_ids":["CWE-94"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25856.json","cna_assigner":"VulnCheck"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25856.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25856"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/openbullet2-authenticated-rce-via-job-configuration-interface"},{"type":"PACKAGE","url":"https://github.com/openbullet/openbullet2"},{"type":"EVIDENCE","url":"https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openbullet/openbullet2","events":[{"introduced":"0"},{"last_affected":"71654a9b19d236df7123589296d2822ad1c08685"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.3.2"}],"source":"AFFECTED_FIELD"}}],"versions":["0.3.2","0.3.1.2637","0.3.1.2631","0.3.1","0.3.0.2586","0.3.0","0.2.5","0.2.4","0.2.3","0.2.2","0.2.1","0.2.0","0.1.28","0.1.27","0.1.26","0.1.25","0.1.24","0.1.23","0.1.22","0.1.21","0.1.20","0.1.19","0.1.18","0.1.17","0.1.16","0.1.15","0.1.14","0.1.13","0.1.12","0.1.11","0.1.10","0.1.9","0.1.8","0.1.7","0.1.6","0.1.5","0.1.4","0.1.3","0.1.2","0.1.1","0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25856.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}