Known Vulnerabilities for Metasploit by Rapid7
Listed below are 10 of the newest known vulnerabilities associated with "Metasploit" by "Rapid7".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5463 json | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers t... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2023-0599 json | Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of Jav... | 4.8 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2020-7385 json | By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same de... | 8.8 - HIGH | 2021-04-23 | 2021-05-14 |
| CVE-2020-7384 json | Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a fil... | 7.8 - HIGH | 2020-10-29 | 2021-02-03 |
| CVE-2020-7377 json | The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path travers... | 7.5 - HIGH | 2020-08-24 | 2020-09-01 |
| CVE-2020-7376 json | The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in t... | 9.8 - CRITICAL | 2020-08-24 | 2020-09-02 |
| CVE-2020-7355 json | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an a... | 6.1 - MEDIUM | 2020-06-25 | 2020-07-06 |
| CVE-2020-7354 json | Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an at... | 5.4 - MEDIUM | 2020-06-25 | 2020-07-02 |
| CVE-2020-7350 json | Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libn... | 7.8 - HIGH | 2020-04-22 | 2020-04-30 |
| CVE-2019-5645 json | By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an ar... | 7.5 - HIGH | 2020-09-01 | 2020-09-08 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rapid7 | Metasploit | 6.0.3 | |||
| Application | Rapid7 | Metasploit | 6.0.2 | |||
| Application | Rapid7 | Metasploit | 6.0.1 | |||
| Application | Rapid7 | Metasploit | 6.0.0 | |||
| Application | Rapid7 | Metasploit | 5.0.99 | |||
| Application | Rapid7 | Metasploit | 5.0.98 | |||
| Application | Rapid7 | Metasploit | 5.0.97 | |||
| Application | Rapid7 | Metasploit | 5.0.96 | |||
| Application | Rapid7 | Metasploit | 5.0.95 | |||
| Application | Rapid7 | Metasploit | 5.0.94 | |||
| Application | Rapid7 | Metasploit | 5.0.93 | |||
| Application | Rapid7 | Metasploit | 5.0.92 | |||
| Application | Rapid7 | Metasploit | 5.0.91 | |||
| Application | Rapid7 | Metasploit | 5.0.90 | |||
| Application | Rapid7 | Metasploit | 5.0.9 | |||
| Application | Rapid7 | Metasploit | 5.0.89 | |||
| Application | Rapid7 | Metasploit | 5.0.88 | |||
| Application | Rapid7 | Metasploit | 5.0.87 | |||
| Application | Rapid7 | Metasploit | 5.0.86 | |||
| Application | Rapid7 | Metasploit | 5.0.85 |