CVE-2026-25559
Severity: HIGH
OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint
Title source: cna
Description
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application runs as root by default.
References (2)
Core References
Exploit (tags: technical-description, exploit)
https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2
Third Party Advisory (tags: third-party-advisory)
https://www.vulncheck.com/advisories/openbullet2-path-traversal-via-wordlist-endpoint
Scores
CVSS v3
8.8
EPSS
0.0090
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
openbullet/openbullet2
< 0.3.2
Published
Jun 08, 2026
Tracked Since
Jun 08, 2026