CVE-2026-25555 · EPSS p84.2%

Description

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.
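The comparison flaw described above, modelled next to a fail-closed check. This is an added example, not OpenBullet2's code: the function names, the constructed requests and the sample key are hypothetical, and it assumes a missing header is rejected while an empty one reaches the comparison.

```python
import hmac
from typing import Mapping

HEADER = "x-api-key"  # header named in the description, lower-cased for lookup


def _supplied_key(headers: Mapping[str, str]):
    """Case-insensitive header lookup; returns None when the header is absent."""
    for name, value in headers.items():
        if name.lower() == HEADER:
            return value
    return None


def vulnerable_is_admin(headers: Mapping[str, str], admin_api_key: str = "") -> bool:
    """Flawed pattern: plain equality against a key whose default is ""."""
    supplied = _supplied_key(headers)
    # Assumption: a missing header is rejected, an empty one reaches the comparison.
    return supplied is not None and supplied == admin_api_key


def hardened_is_admin(headers: Mapping[str, str], admin_api_key: str) -> bool:
    """Fail closed: a blank configured key disables API-key auth entirely."""
    if not admin_api_key or not admin_api_key.strip():
        return False  # nothing configured, so nothing can match
    supplied = _supplied_key(headers)
    if not supplied:
        return False  # absent or empty header is never a credential
    return hmac.compare_digest(supplied.encode(), admin_api_key.encode())


# Constructed requests (not captured traffic) against two configurations.
CASES = [
    ("empty header, default key", {"X-Api-Key": ""}, ""),
    ("no header, default key", {"Accept": "*/*"}, ""),
    ("empty header, key set", {"X-Api-Key": ""}, "constructed-admin-key"),
    ("wrong key, key set", {"X-Api-Key": "guess"}, "constructed-admin-key"),
    ("right key, key set", {"x-api-key": "constructed-admin-key"}, "constructed-admin-key"),
]


def compare_checks():
    """Return (label, vulnerable_result, hardened_result) for every case."""
    return [(label, vulnerable_is_admin(h, k), hardened_is_admin(h, k))
            for label, h, k in CASES]


if __name__ == "__main__":
    for label, vuln, hard in compare_checks():
        print(f"{label:28} vulnerable={vuln!s:5} hardened={hard}")
```

Only the first case differs between the two checks: with the key left at its empty default, the flawed comparison grants admin while the hardened one refuses because no key is configured.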

Scoring

CVSS: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.73% probability of exploitation · percentile 84.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-09

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-25856
CVE-2026-25559
CVE-2026-40525
CVE-2026-25855
CVE-2026-22207
CVE-2026-39908

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.