CVE-2026-7373

EUVD-2026-30498

15.05.2026, 03:16

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent  postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent's SYSTEM level access.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
rapid7	CNA	8.5 HIGH	LOCAL	LOW	NONE	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H/E:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
rapid7	metasploit	5.0.0	CNA

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://docs.rapid7.com/insight/metasploit-pro-release-notes/