← Back
2026-06-08 16:53CVE-2026-25555VulnCheck
PUBLISHED5.2CWE-305x_open-source

OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.

Problem type

Affected products

openbullet

openbullet2

<= 0.3.2 - AFFECTED

References

hackernoon.com

https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2

technical-descriptionexploit
vulncheck.com

https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header

third-party-advisory

GitHub Security Advisories

GHSA-54jj-4v6g-j34h

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key...

https://github.com/advisories/GHSA-54jj-4v6g-j34h

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-25555

hackernoon.com

https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2

vulncheck.com

https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header

github.com

https://github.com/advisories/GHSA-54jj-4v6g-j34h

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-25555
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-25555",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-06-08T17:50:15.554Z",
    "dateReserved": "2026-02-02T20:12:33.395Z",
    "datePublished": "2026-06-08T16:53:37.270Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-06-08T16:53:37.270Z"
      },
      "datePublic": "2026-06-04T00:00:00.000Z",
      "title": "OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials."
        }
      ],
      "affected": [
        {
          "vendor": "openbullet",
          "product": "openbullet2",
          "repo": "https://github.com/openbullet/openbullet2",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "0.3.2"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Authentication Bypass by Primary Weakness",
              "cweId": "CWE-305",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2",
          "tags": [
            "technical-description",
            "exploit"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Maksim Rogov",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "VulnCheck",
          "type": "finder"
        }
      ],
      "tags": [
        "x_open-source"
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-06-08T17:50:15.554Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}