CVE-2026-25555
CRITICAL
CVSS 9.8
other
The flaw
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers ca
What to do
Review the advisory and patch per vendor guidance.
In the news
- One Empty Header to Admin: How an Auth Bypass Breaks OpenBullet2 · HackerNoon · 2026-06-06