PatchSiren cyber security CVE debrief
CVE-2026-39908 openbullet CVE debrief
CVE-2026-39908 is a credential disclosure vulnerability in OpenBullet2 through version 0.3.2 on Windows. Remote attackers can capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash, which can then be relayed or cracked offline.
- Vendor
- openbullet
- Product
- openbullet2
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of OpenBullet2 version 0.3.2 or earlier on Windows should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability exists in OpenBullet2 through version 0.3.2 on Windows. An attacker can exploit this vulnerability by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When a job is started, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash of the process user.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates to OpenBullet2 to fix the credential disclosure vulnerability.
- Configure job proxy sources to use secure paths.
- Monitor for suspicious activity related to SMB authentication attempts.
Evidence notes
The CVE-2026-39908 vulnerability was published on 2026-06-08T17:16:42.460Z and modified on 2026-06-09T13:51:18.770Z. The CVSS score is 7.1, indicating a High severity.
Official resources
CVE-2026-39908 was published on 2026-06-08T17:16:42.460Z and modified on 2026-06-09T13:51:18.770Z.