CVE-2026-39908

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application attempts to load proxies from the UNC path, triggering an SMB authentication attempt that discloses the NTLMv2 hash, which can then be relayed or cracked offline.

522

Insufficiently Protected Credentials

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, ICS/OT

View CWE Details

https://hackernoon.com/one-empty-header-to-admin-how-an-aut…

https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-open…

https://www.vulncheck.com/advisories/openbullet2-ntlmv2-has…

https://www.vulncheck.com/advisories/openbullet2-ntlmv2-hash-disclosure-via-unc…

CVE-2026-39908

Description

Insufficiently Protected Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter