CVE-2026-7373 | Rapid7 Metasploit Pro 5.0.0 metasploitPostgreSQL Service postgres.exe inclusion of functionality from untrusted control sphere

Inserito da Angelo Barbosa | Mag 15, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Rapid7 Metasploit Pro 5.0.0. This affects an unknown function of the file postgres.exe of the component metasploitPostgreSQL Service. This manipulation causes inclusion of functionality from untrusted control sphere.

This vulnerability is handled as CVE-2026-7373. It is possible to launch the attack on the local host. There is not any exploit available.

CVE-2026-7373 | Rapid7 Metasploit Pro 5.0.0 metasploitPostgreSQL Service postgres.exe inclusion of functionality from untrusted control sphere

Post correlati

CVE-2025-11629 | RainyGao DocSys up to 2.02.36 /Manage/getUserList.do getUserList sql injection

CVE-2025-15539 | Open5GS up to 2.7.6 sgwc src/sgwc/s11-handler.c sgwc_s11_handle_downlink_data_notification_ack denial of service (Issue 4230)

CVE-2024-8546 | ElementsKit Elementor Addons Plugin up to 3.2.7 on WordPress Video Widget cross site scripting

CVE-2025-70095 | Open Source Point of Sale 3.4.1 cross site scripting