CVE-2026-7373— Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading
Possible ATT&CK Techniques 3AI
T1055 · Process Injection T1068 · Exploitation for Privilege Escalation T1574.002Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rapid7 | Metasploit Pro | 5.0.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7373
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a static location. This static location would be writable by a pre-existing "vagrant" user, if they already existed on the system. Metasploit does not create local accounts, an Administrator would need to create it. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits the unprivileged vagrant user to bypass security controls and achieve a full host compromise under the agent's SYSTEM level access.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
从非可信控制范围包含功能例程
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rapid7 Metasploit Pro 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rapid7 Metasploit Pro是美国Rapid7公司的一套渗透测试软件。 Rapid7 Metasploit Pro存在访问控制错误漏洞,该漏洞源于启动时metasploitPostgreSQL服务尝试从标准用户可写的非存在目录加载OpenSSL配置文件,可能导致低权限用户通过放置特制的openssl.cnf文件欺骗高权限服务执行任意命令,从而绕过安全控制并在代理的SYSTEM级别访问下实现完全主机破解。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rapid7 | Metasploit Pro | 5.0.0 | - |
II. Public POCs for CVE-2026-7373
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7373
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Rapid7
- CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer - CVE-2026-6482
Local Privilege Escalation via OpenSSL configuration file in - CVE-2026-6290
Velociraptor Query() Plugin Misapplies Permissions To Orgs - CVE-2026-4482
Insight Agent Private Key Information Disclosure via Inherit
Same weakness: CWE-829
- CVE-2026-44312
css_parser allows to MITM included https css urls - CVE-2026-44995
OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdi - CVE-2026-45184
Kdenlive 安全漏洞 - CVE-2026-43571
OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Res - CVE-2026-43569
OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablem
V. Comments for CVE-2026-7373
No comments yet