Vulnerability Information
Vulnerability Title
OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint
Vulnerability Description
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application runs as root by default.
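The bug class described above, shown as an added example in Python (not OpenBullet2's code): joining a base directory with a caller-supplied absolute path silently discards the base, and a containment check applied before any read, write, or delete closes that gap. The function names and the wordlist base directory are hypothetical, and the check goes beyond the absolute-path case to cover `..` segments and symlink escapes as well.

```python
import ntpath
import os
import posixpath
import tempfile


def naive_resolve(base_dir, user_path):
    # Vulnerable pattern: os.path.join drops base_dir when user_path is absolute.
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir, user_path):
    """Return a path guaranteed to live under base_dir, or raise ValueError."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty or malformed path")
    # Reject absolute paths in POSIX, Windows drive-letter, and UNC form.
    if (posixpath.isabs(user_path) or ntpath.isabs(user_path)
            or ntpath.splitdrive(user_path)[0]):
        raise ValueError("absolute paths are not accepted")
    # Resolve symlinks and '..' on both sides, then compare.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the base directory")
    return candidate


def demo():
    """Run constructed inputs through both resolvers and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as base:  # hypothetical wordlist dir
        results["naive"] = naive_resolve(base, "/etc/passwd")
        # Constructed sample inputs: one legitimate name, three escapes.
        for p in ("lists/words.txt", "/etc/passwd",
                  "../../etc/passwd", "C:\\Windows\\win.ini"):
            try:
                safe_resolve(base, p)
                results[p] = "allowed"
            except ValueError:
                results[p] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value}")
```

The same check belongs in front of every file operation that takes a client-supplied path, not only the upload handler.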
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
OpenBullet2 Path Traversal Vulnerability
Vulnerability Description
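OpenBullet2 is a cross-platform automation testing and data scraping tool by the individual developer openbullet. OpenBullet2 0.3.2 and earlier contain a path traversal vulnerability that stems from a path traversal flaw in the wordlist endpoint. It may allow authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths, and attackers can achieve remote code execution by manipulating critical system files.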
CVSS Information
N/A
Vulnerability Type
N/A