Which versions of OpenBullet2 are affected by CVE-2026-39908?

OpenBullet2 (through version 0.3.2 on Windows) contains a credential disclosure vulnerability allowing authenticated users to capture Windows service account credentials; publicly available exploit…

Is there a public PoC exploit available for CVE-2026-39908?

Yes, a public proof-of-concept exploit is available for CVE-2026-39908. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-39908?

Within 24 hours: Identify and inventory all systems running OpenBullet2 version 0.3.2 and earlier; restrict or disable remote access to the application. Within 7 days: Treat service account credentials as potentially compromised and execute credential rotation for all accounts running OpenBullet2; evaluate alternative security testing tools. Within 30 days: Complete decommissioning or migration away from OpenBullet2 (no vendor-released patch identified at time of analysis); review Windows Security Event logs for suspicious SMB authentication activity.

OpenBullet2 CVE-2026-39908

Q: What is the CVSS score of CVE-2026-39908?

CVE-2026-39908 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-35133 HIGH

Insufficiently Protected Credentials (CWE-522)

2026-06-08 VulnCheck

GHSA-489c-3g86-35rh

Information Disclosure Microsoft

7.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 17:26 vuln.today

Severity Changed

Jun 08, 2026 - 17:22 NVD

MEDIUM HIGH

CVSS changed

Jun 08, 2026 - 17:22 NVD

6.5 (MEDIUM) 7.1 (HIGH)

CVE Published

Jun 08, 2026 - 16:47 nvd

HIGH 7.1

DescriptionCVE.org

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash, which can then be relayed or cracked offline.

AnalysisAI

Credential disclosure in OpenBullet2 through 0.3.2 on Windows allows authenticated remote attackers to coerce SMB authentication and capture NTLMv2 hashes by configuring a job's proxy source with an attacker-controlled UNC path. Captured hashes can be relayed against other services or cracked offline to recover the password of the account running the application. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Gain job-configuration access on OpenBullet2

Delivery

Stand up rogue SMB listener (Responder/smbserver)

Exploit

Configure job proxy source as attacker UNC path

Install

Start job to trigger SMB authentication

Capture Net-NTLMv2 hash on attacker server

Execute

Crack offline or relay to internal service

Impact

Authenticate as OpenBullet2 process user