← Voltar para CVEs
CVE-2026-5463
HIGH8.6
Descricao
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.
Detalhes CVE
Pontuacao CVSS v3.18.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/3/2026
Ultima modificacao4/3/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-77
Referencias
https://github.com/DanMcInerney/pymetasploit3(309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c)
https://pypi.org/project/pymetasploit3/(309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.