NextGuard
UNKNOWNCVE-2026-5463

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks

Platform

python

Component

pymetasploit3

View on NVD

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.

How to fix

Actualice la biblioteca pymetasploit3 a una versión posterior a la 1.0.6. Esto solucionará la vulnerabilidad de inyección de comandos. Puede actualizar usando pip: `pip install --upgrade pymetasploit3`.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-5463 — Vulnerability Details | NextGuard | NextGuard