A vulnerability was found in openbullet2 up to 0.3.2 . It has been declared as critical . Affected by this vulnerability is an unknown functionality of the component Wordlist Endpoint . The manipulation results in path traversal. This vulnerability is known as CVE-2026-25559 . It is possible to launch the attack remotely. No exploit is available.