CVE-2026-25856: Improper Control of Generation of Code ('Code Injection') in openbullet openbullet2
OpenBullet2 versions through 0. 3. 2 have an authenticated remote code execution vulnerability that allows users with valid credentials to execute arbitrary C# code on the server. This occurs via creation or modification of job configurations using a plain C# execution mode that lacks restrictions on API usage or references. Exploitation can lead to file system access, process spawning, and invocation of any . NET API with the privileges of the running process. The vulnerability has a high severity rating with a CVSS 4. 0 score of 8. 7. No official patch or remediation guidance is currently available from the vendor.
AI Analysis
Technical Summary
CVE-2026-25856 is an authenticated remote code execution vulnerability in OpenBullet2 up to version 0.3.2. Authenticated users can execute arbitrary C# code on the server by manipulating job configurations. The vulnerability arises because the plain C# execution mode does not filter references or restrict API calls, enabling full access to the file system, process creation, and arbitrary .NET API invocation under the process user context. This flaw allows attackers to perform actions equivalent to remote code execution with the privileges of the OpenBullet2 process.
Potential Impact
Successful exploitation allows an authenticated attacker to execute arbitrary code on the server hosting OpenBullet2, potentially leading to full system compromise depending on the privileges of the OpenBullet2 process. The attacker can access files, spawn processes, and invoke any .NET API, which can result in data theft, service disruption, or further lateral movement within the environment.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to OpenBullet2 to trusted users only and monitor for suspicious activity related to job configuration changes. Consider isolating the OpenBullet2 server and limiting its privileges to reduce potential impact.
CVE-2026-25856: Improper Control of Generation of Code ('Code Injection') in openbullet openbullet2
Description
OpenBullet2 versions through 0. 3. 2 have an authenticated remote code execution vulnerability that allows users with valid credentials to execute arbitrary C# code on the server. This occurs via creation or modification of job configurations using a plain C# execution mode that lacks restrictions on API usage or references. Exploitation can lead to file system access, process spawning, and invocation of any . NET API with the privileges of the running process. The vulnerability has a high severity rating with a CVSS 4. 0 score of 8. 7. No official patch or remediation guidance is currently available from the vendor.
CVSS v4.0
Score 8.7high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-25856 is an authenticated remote code execution vulnerability in OpenBullet2 up to version 0.3.2. Authenticated users can execute arbitrary C# code on the server by manipulating job configurations. The vulnerability arises because the plain C# execution mode does not filter references or restrict API calls, enabling full access to the file system, process creation, and arbitrary .NET API invocation under the process user context. This flaw allows attackers to perform actions equivalent to remote code execution with the privileges of the OpenBullet2 process.
Potential Impact
Successful exploitation allows an authenticated attacker to execute arbitrary code on the server hosting OpenBullet2, potentially leading to full system compromise depending on the privileges of the OpenBullet2 process. The attacker can access files, spawn processes, and invoke any .NET API, which can result in data theft, service disruption, or further lateral movement within the environment.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to OpenBullet2 to trusted users only and monitor for suspicious activity related to job configuration changes. Consider isolating the OpenBullet2 server and limiting its privileges to reduce potential impact.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-02-06T19:12:03.462Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a26f65be29bf47b50429d88
Added to database: 6/8/2026, 5:05:31 PM
Last enriched: 6/8/2026, 5:18:49 PM
Last updated: 6/8/2026, 6:41:40 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.