


























Our humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/cisco_sdwan_vhub_auth_bypass module for CVE-2026-20182, a vulnerability gracing the Cisco Catalyst SD-WAN Controller. The devices, whose purpose is to control a software-defined (SD) wide-area-network (WAN) was unfortunately missing an extra A for authentication. An oversight that Cisco has duly patched.
Elsewhere this week, the HUSTOJ online judge platform has been caught failing to judge its own zip files (CVE-2026-24479), courtesy of a zip-slip RCE module from LoTuS and friends. Next, @Alpenlol has weaponized the small matter of Barracuda's Email Security Gateway, happily eval()-ing the number format string inside an attached Excel file (CVE-2023-7102).
Our own @jburgess-r7 has been rather busy and also contributed a cPanel/WHM authentication bypass module that escalates straight to root via CRLF injection (CVE-2026-41940). And last, but not least, @h00die has gifted us a post module for Tenable Security Center that quietly extracts and cracks its stored credential hashes. Nevertheless, this module works only if your Tenable Security Center is using the same password you have been using since 2006.

Authors: Crypto-Cat and sfewer-r7
Type: Auxiliary
Pull request: #21463 contributed by jburgess-r7
Path: admin/networking/cisco_sdwan_vhub_auth_bypass
AttackerKB reference: CVE-2026-20182
Description: This adds a new auxiliary module for CVE-2026-20182, an authentication bypass in the Cisco Catalyst SD-WAN Controller.
Authors: LoTuS and friends, ling101w, and oxagast
Type: Exploit
Pull request: #21165 contributed by oxagast
Path: linux/http/hustoj_problem_import_rce
AttackerKB reference: CVE-2026-24479
Description: This adds an exploit for CVE-2026-24479 which is a zip slip vulnerability in HustOJ, an open source online judge platform, prior to version 26.01.24.
Authors: Curt Hyvarinen, Mandiant, and haile01
Type: Exploit
Pull request: #21035 contributed by Alpenlol
Path: linux/smtp/barracuda_esg_spreadsheet_rce
AttackerKB reference: CVE-2023-7101
Description: Adds a new exploit module for CVE-2023-7102, an unauthenticated remote code execution vulnerability in Barracuda Email Security Gateway (ESG) appliances. The flaw resides in the Amavis scanner's use of the Perl Spreadsheet::ParseExcel library, which allows eval injection via malicious Excel number format strings. The module uses Rex::OLE to craft a minimal BIFF8 XLS file with the payload embedded in a FORMAT record and delivers it via SMTP.
Authors: Adam Kues, Crypto-Cat, Shubham Shah, and Sina Kheirkhah
Type: Exploit
Pull request: #21417 contributed by jburgess-r7
Path: multi/http/cpanel_whm_auth_bypass_rce
AttackerKB reference: CVE-2026-41940
Description: This adds an exploit module for cPanel/WHM authentication bypass leading to root RCE (CVE-2026-41940).
Author: h00die
Type: Post
Pull request: #21177 contributed by h00die
Path: linux/gather/tenable_security_center
Description: This adds a linux post module for Tenable Security Center that will retrieve credential hashes and crack them.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。