CVE-2026-39908

Sažetak

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash, which can then be relayed or cracked offline.

Reference

https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2
https://www.vulncheck.com/advisories/openbullet2-ntlmv2-hash-disclosure-via-unc-path-proxy-source

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

09-06-2026 - 13:51

Objavljeno

08-06-2026 - 17:16