



















This week, we have added new modules to Metasploit Framework targeting Cisco Catalyst SD-WAN controllers and osTicket as well as updates and improvements to Windows service-for-user persistence, and LDAP/ADCS-related modules to automatically report related services resulting in an improved data stream, which can be queried by using the services command.
We also landed an improvement to msfvenom’s bootup time, thanks to bcoles, resulting in an approximate two-times speedup.
Authors: Spencer McIntyre, bwatters-r7, and jhicks-r7
Type: Auxiliary
Pull request: #20752 contributed by bwatters-r7
Path: admin/http/web_enrollment_cert
Description: This adds a new auxiliary/admin/http/web_enrollment_cert modules that allows certificates to be issued from an Active Directory Certificate Services Web Enrollment portal. Its usage is the same as the auxiliary/admin/http/icpr_cert module but enables operators to issue certificates when the web enrollment portal is accessible but the MS-ICPR service is not.
Author: sfewer-r7
Type: Auxiliary
Pull request: #21158 contributed by sfewer-r7
Path: admin/networking/cisco_sdwan_auth_bypass
AttackerKB reference: CVE-2026-20127
Description: This adds an auxiliary module to exploit an authentication bypass vulnerability, CVE-2026-20127, affecting Cisco Catalyst SD-WAN Controller. Recently exploited in the wild as a zero-day.
Authors: Arkaprabha Chakraborty <@t1nt1nsn0wy> and HORIZON3.ai Team
Type: Auxiliary
Pull request: #20948 contributed by ArkaprabhaChakraborty
Path: gather/osticket_arbitrary_file_read
AttackerKB reference: CVE-2026-22200
Description: This adds an auxiliary module to exploit, CVE-2026-22200, an authenticated file read vulnerability in osTicket.
Authors: Brandon McCann "zeknox" [email protected], Thomas McCarthy "smilingraccoon" [email protected], and h00die
Type: Exploit
Pull request: #20814 contributed by h00die
Path: windows/persistence/service_for_user/event
Description: Updates the Windows service-for-user persistence technique.
#20814 from h00die - Updates the Windows service-for-user persistence technique.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。