Vulnerability in Rapid7 Metasploit Pro
CVE-2026-7373
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which wo…
EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.
Affected products
- Rapid7 Metasploit Pro — versions 5.0.0
Weakness classification (CWE)
References
- cve@rapid7.com (release-notes)
- cve@rapid7.com (release-notes)