Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: python314Packages.pymetasploit3

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-5463

8.6 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): LOW

created 2 weeks ago

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 …

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.

References

Affected products

pymetasploit3

=<1.0.6

Matching in nixpkgs

pkgs.python312Packages.pymetasploit3

Library for Metasploit framework

nixos-25.11 pymetasploit3-1.0.6
- nixos-25.11-small pymetasploit3-1.0.6
- nixpkgs-25.11-darwin pymetasploit3-1.0.6

pkgs.python313Packages.pymetasploit3

Library for Metasploit framework

nixos-unstable pymetasploit3-1.0.6
- nixpkgs-unstable pymetasploit3-1.0.6
- nixos-unstable-small pymetasploit3-1.0.6
nixos-25.11 pymetasploit3-1.0.6
- nixos-25.11-small pymetasploit3-1.0.6
- nixpkgs-25.11-darwin pymetasploit3-1.0.6

pkgs.python314Packages.pymetasploit3

Library for Metasploit framework

nixos-unstable pymetasploit3-1.0.6
- nixpkgs-unstable pymetasploit3-1.0.6
- nixos-unstable-small pymetasploit3-1.0.6

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

1