CVE-2026-7373

UNKNOWN 0.0

Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent's SYSTEM level access.

CWE	CWE-829 CWE-427 CWE-284
Vendor	rapid7
Product	metasploit pro
Published	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for rapid7 metasploit pro

Be the first to know when new unknown vulnerabilities affecting rapid7 metasploit pro are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Rapid7 / Metasploit Pro

5.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.rapid7.com: https://docs.rapid7.com/insight/metasploit-pro-release-notes/

Credits

Andrea Intilangelo