CVE-2026-39908 — OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sourc — CVE Database · The Intelligence Room