CTI Swarm
Zurück zu allen Deep Dives
RAPID7 CYBERSECURITY BLOG

Metasploit Wrap-Up 05/01/2026

Strategische Zusammenfassung

Public PoC and Metasploit module for a Linux kernel cryptographic API logic flaw enabling local privilege escalation on AMD64/AARCH64 systems.

Volltext

Title: Metasploit Wrap-Up 05/01/2026

URL Source: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-05-01-2026

Published Time: 2026-05-01T20:26:43.354Z

Markdown Content: # Metasploit Wrap-Up 05/01/2026

Rapid7’s 2026 Global Cybersecurity Summit returns May 12-13

* Platform * Services * Resources * Partners * Company

[Request Demo](https://www.rapid7.com/request-demo/)

[Back to Blog](https://www.rapid7.com/blog/)

Products and Tools # Metasploit Wrap-Up 05/01/2026

[ Christopher Granleese](https://www.rapid7.com/blog/author/christopher/)

May 1, 2026|Last updated on May 1, 2026|3 min read

## Table of contents

* MCP server * Copy Fail * New module content (3) * Enhancements and features (5) * Bugs fixed (0) * Documentation * Get it

## MCP server

This release our very own[cdelafuente-r7](https://github.com/cdelafuente-r7)finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications like Claude, Cursor, or your own custom agents query Metasploit data. Think of it as a middleware layer that exposes 8 standardized tools for searching modules and pulling reconnaissance data, all built on the official[Ruby MCP SDK](https://github.com/modelcontextprotocol/ruby-sdk/).

This first iteration is read-only, covering modules, hosts, services, vulnerabilities, and more. Tools for module execution, session interaction, and database modifications are on the roadmap for a future release. Full details are available in the[documentation](https://cdelafuente-r7.github.io/metasploit-framework/docs/using-metasploit/other/how-to-use-metasploit-mcp-server.html).

## Copy Fail

Earlier this week, details of a new and high profile Linux LPE were released alongside a public PoC. The bug, nicknamed[Copy Fail](https://copy.fail/)and identified by[CVE-2026-31431](https://attackerkb.com/search?q=CVE-2026-31431&referrer=blog), is a logic flaw in the cryptographic APIs exposed by the Linux Kernel. Metasploit has shipped a local exploit this week to leverage the flaw on AMD64 and AARCH64 targets with additional architectures planned for future releases. The exploit, which replaces the ‘su’ binary in the page cache with a small ELF file, allows users to specify command payloads for execution and will automatically determine the appropriate target architecture.

## New module content (3)

### Microsoft Windows HTTP to LDAP Relay

Author: jheysel-r7

Type: Auxiliary

Pull request:[#21323](https://github.com/rapid7/metasploit-framework/pull/21323)contributed by[jheysel-r7](https://github.com/jheysel-r7)

Path:server/relay/http_to_ldap

Description: This adds a new NTLM relay module that relays from HTTP to LDAP. On success, an authenticated LDAP session is opened which allows the operator to interact with the LDAP service in the context of the relayed identity.

### Copy Fail […]

[… 7,285 Zeichen — nächste Zone: keyword-dense paragraphs …]

[ Products and Tools ### Metasploit Wrap-Up 04/25/2026 Spencer McIntyre](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-25-2026/)[ Products and Tools ### Metasploit Wrap-Up 04/17/2026 Jack Heysel](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-17-2026/)[ Products and Tools ### Metasploit Wrap-Up 04/10/2026 Simon Janusz](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-10-2026/)[ Products and Tools ### Metasploit Wrap-Up 04/03/2026 Simon Janusz](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-03-2026/)

[ LinkedIn](https://www.linkedin.com/company/39624)[ X […]

[Legal Terms](https://www.rapid7.com […]

[… 6,517 Zeichen — nächste Zone: tail …]

Cookies Details

#### Targeting Cookies

- [x] Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Cookies Details

#### Performance Cookies

- [x] Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Cookies Details

#### Functional Cookies

- [x] Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Cookies Details

### Cookie List

Clear

* - [x] checkbox label label

Apply Cancel

Consent Leg.Interest

- [x] checkbox label label

- [x] checkbox label label

- [x] checkbox label label

Reject All Confirm My Choices