CVE-2026-39908— OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
Possible ATT&CK Techniques 3AI
T1557 · Adversary-in-the-Middle T1558 · Steal or Forge Kerberos Tickets T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openbullet | openbullet2 | ≤ 0.3.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-39908
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash, which can then be relayed or cracked offline.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenBullet2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenBullet2是openbullet个人开发者的一个跨平台自动化测试与数据抓取工具。 OpenBullet2 0.3.2及之前版本在Windows上存在安全漏洞,该漏洞源于凭据泄露,可能导致远程攻击者通过配置指向攻击者控制服务器的UNC路径的作业代理源捕获进程用户的NTLMv2哈希。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| openbullet | openbullet2 | 0 ~ 0.3.2 | - |
II. Public POCs for CVE-2026-39908
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-39908
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-39908 (1)
- 🔗 One Empty Header to Admin: How an Auth Bypass Breaks OpenBullet2 | HackerNoontechnical-descriptionexploit
News Coverage for CVE-2026-39908 (1)
Same Patch Batch · openbullet · 2026-06-08 · 5 CVEs total
| CVE-2026-25555 | 9.8 CRITICAL | OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header |
| CVE-2026-25855 | 8.8 HIGH | OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload |
| CVE-2026-25559 | 8.8 HIGH | OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint |
| CVE-2026-25856 | 8.8 HIGH | OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface |
IV. Related Vulnerabilities
Same product: openbullet2
Same vendor: openbullet
Same weakness: CWE-522
- CVE-2026-53840
OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streama - CVE-2026-6517
Mattermost Desktop App fails to restrict the allow list of d - CVE-2026-49949
CodexBar < 0.33.0 Credential Leakage via HTTP Redirect - CVE-2026-41715
Reactor Netty HTTP Client Leaks Credentials On Protocol Down - CVE-2026-46440
Flowise: Basic Auth Credentials Exposed via API
V. Comments for CVE-2026-39908
No comments yet