CVE 8.7 HIGH

OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint_CVE-2026-25559

June 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application runs as root by default.

AI Analysis

Path traversal vulnerability in wordlist endpoint allowing arbitrary file read, write, and delete operations

Basic Information

ID CVE-2026-25559

Source VulnCheck

Published Jun 8, 2026 at 16:52

Affected Product

Vendor OpenBullet

Product openbullet2

Version 0.3.2

Affected Versions openbullet openbullet2 0

CWE Classification

CWE-22

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor OpenBullet

Product OpenBullet2

Version 0.3.2

References

{
    "lastseen": "",
    "description": "OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application runs as root by default.",
    "published": "2026-06-08T16:52:35.917Z",
    "modified": "2026-06-08T16:52:35.917Z",
    "type": "cve",
    "title": "OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint",
    "source": "VulnCheck",
    "references": "https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2\nhttps://www.vulncheck.com/advisories/openbullet2-path-traversal-via-wordlist-endpoint",
    "id": "CVE-2026-25559",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "openbullet openbullet2 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "openbullet2",
    "version": "0.3.2",
    "vendor": "OpenBullet",
    "ai_description": "Path traversal vulnerability in wordlist endpoint allowing arbitrary file read, write, and delete operations",
    "ai_severity": "High",
    "ai_vendor": "OpenBullet",
    "ai_product": "OpenBullet2",
    "ai_version": "0.3.2",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply