CVE-2026-5463

Published: Apr 03, 2026 Last Modified: Apr 03, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,6

Source: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: high

Availability: low

HIGH 7,5

Source: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

https://github.com/DanMcInerney/pymetasploit3

https://pypi.org/project/pymetasploit3/

CVE-2026-5463

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter