2026-05-18 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2026-7373 | Rapid7 - Metasploit Pro | Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access. | CVSS4.0: 8.5 - HIGH | 0 | Exploitation: noneAutomatable: noTechnical Impact: total | Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading | github |
This post is licensed under CC BY 4.0 by the author.