

Metasploit Wrap-Up 04/25/2026

Check Method Visibility

Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability; often it is better to first determine whether the target is vulnerable. Metasploit tries to be very conservative about classifying a target as “vulnerable” unless the vulnerability is leveraged as part of the check method, reserving the “appears” status for version checks. The different check codes a module is capable of returning, and the logic to select among them, vary from exploit to exploit and are not always easy to understand. In line with the consistent feedback Metasploit has received that module actions should be more transparent, adfoster-r7 has been adding reasoning information en masse to the check codes returned by a variety of exploits. This information will help users understand why a particular vulnerability status was determined, making troubleshooting easier and increasing confidence in the results.

Legacy SMB Improvements

This week, community member g0tmi1k made multiple improvements for legacy and non-Windows SMB targets. Version information is now more reliably extracted from targets running SMB 1, and a variety of minor bugs were fixed across multiple modules that would have affected users targeting systems the module was not intended to target, as is often the case when the module is used to scan an entire network.

New module content (4)

Camaleon CMS Directory Traversal CVE-2024-46987
Authors: Goultarde, Peter Stockli, and bootstrapbool
Type: Auxiliary
Pull request: #21122 contributed by bootstrapbool
Path: gather/camaleon_download_private_file
AttackerKB reference: CVE-2024-46987
Description: This adds an auxiliary module to exploit an arbitrary file vulnerability, CVE-2024-46987, on Camaleon CMS = 2.8.0 as well as 2.9.0.

Langflow RCE
Authors: Takahiro Yokoyama and weblover12
Type: Exploit
Pull request: #21260 contributed by Takahiro-Yoko
Path: multi/http/langflow_rce_cve_2026_27966
AttackerKB reference: CVE-2026-27966
Description: Adds exploit module for CVE-2026-27966, a prompt injection RCE vulnerability in Langflow 1.8.0. When a specially crafted flow containing Python code is created and sent, LangChain will execute that code because LangChain's Read-Eval-Print Loop (REPL) is exposed by default and runs any Python code it is given.

WebDAV PHP Upload
Authors: g0tmi1k and theLightCosine [email protected]
Type: Exploit
Pull request: #21256 contributed by g0tmi1k
Path: multi/http/webdav_upload_php
AttackerKB reference: CVE-2012-10062
Description: Updates code and adds features: Linux support, check() method, and cleanup after exploit.

Linux Chmod
Author: bcoles [email protected]
Type: Payload (Single)
Pull request: #21238 contributed by bcoles
Path: linux/loongarch64/chmod
Description: Adds a new linux/loongarch64/chmod payload to change the permissions of a specified file.

Enhancements and features (11)

#21019 from g0tmi1k - This adds support for phpM
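
The conservative classification described under Check Method Visibility, sketched as a stand-alone Ruby model that attaches a reason to every status. This is an added example, not Metasploit or Rapid7 code: the product name ExampleApp, the version numbers, the `flaw_observed` field and the sample addresses are all constructed, and the statuses beyond "vulnerable" and "appears" follow Metasploit's other check codes (safe, detected, unknown).

```ruby
# Stand-alone model of check-code selection with reasons.
# Not Metasploit framework code; product, versions and hosts are constructed.
require 'rubygems' # provides Gem::Version for version comparison

CheckResult = Struct.new(:status, :reason)

FIXED_IN = Gem::Version.new('2.4.1') # hypothetical first patched release

def classify(obs)
  banner = obs[:banner]
  return CheckResult.new(:unknown, 'target did not respond') if banner.nil?

  match = banner.match(%r{\AExampleApp(?:/(\d+(?:\.\d+)*))?\z})
  return CheckResult.new(:safe, "banner #{banner.inspect} is not ExampleApp") unless match
  return CheckResult.new(:detected, 'ExampleApp found, version not disclosed') unless match[1]

  version = Gem::Version.new(match[1])
  if version >= FIXED_IN
    return CheckResult.new(:safe, "version #{version} >= fixed release #{FIXED_IN}")
  end

  # Only evidence that the flaw itself was exercised earns :vulnerable;
  # a version match alone stays at :appears.
  if obs[:flaw_observed]
    CheckResult.new(:vulnerable, "version #{version} and flaw behaviour observed")
  else
    CheckResult.new(:appears, "version #{version} < #{FIXED_IN}, version check only")
  end
end

# Constructed sample observations, as a network-wide scan might collect them.
SAMPLES = {
  '192.0.2.10' => { banner: 'ExampleApp/2.3.0' },
  '192.0.2.11' => { banner: 'ExampleApp/2.3.0', flaw_observed: true },
  '192.0.2.12' => { banner: 'ExampleApp/2.4.1' },
  '192.0.2.13' => { banner: 'ExampleApp' },
  '192.0.2.14' => { banner: 'OtherServer/1.0' },
  '192.0.2.15' => {}
}.freeze

def triage(samples)
  samples.transform_values { |obs| classify(obs) }
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLES).each do |host, r|
    puts format('%-12s %-11s %s', host, r.status, r.reason)
  end
end
```

Keeping the reason next to the status lets a reviewer separate hosts flagged on a version string alone from hosts where the behaviour was actually confirmed.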


Originally published by Rapid7

Source: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-25-2026
