Unknown · Pymetasploit3 · CVE-2026-5463
Name of the Vulnerable Software and Affected Versions
pymetasploit3 versions through 1.0.6
Description
A command injection issue exists in the `console.run module with output()` function of pymetasploit3. Attackers can inject newline characters into module options, such as the `RHOSTS` parameter, disrupting command parsing and potentially enabling arbitrary command execution and manipulation of Metasploit sessions.
Recommendations
Update pymetasploit3 to a version later than 1.0.6.