CTI Swarm
Zurück zu allen Deep Dives
RAPID7 CYBERSECURITY BLOG

Metasploit Wrap-Up 03/27/2026

Strategische Zusammenfassung

Public release of exploit modules increases the likelihood of real-world attacks against the listed vulnerabilities.

Volltext

Title: Metasploit Wrap-Up 03/27/2026

URL Source: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-27-2026

Published Time: 2026-03-27T20:53:46.484Z

Markdown Content: # Metasploit Wrap-Up 03/27/2026

[![Image 1: Rapid7](https://www.rapid7.com/_next/static/media/rapid7-logo.0wr-9470i7grz.svg)](https://www.rapid7.com/)

* Platform * Services * Resources * Partners * Company

[](https://www.rapid7.com/contact/)[](https://insight.rapid7.com/saml/SSO)[Request Demo](https://www.rapid7.com/request-demo/)

[Back to Blog](https://www.rapid7.com/blog/)

Products and Tools # Metasploit Wrap-Up 03/27/2026

[![Image 2: Spencer McIntyre](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fwww.rapid7.com%2Fcdn%2Fimages%2Fblt5be2582ac765d5d5%2F684044749822ae7d22f3b4b0%2FSpencer-McIntyre.jpg&w=96&q=75) Spencer McIntyre](https://www.rapid7.com/blog/author/spencer-mcintyre/)

Mar 27, 2026|Last updated on Mar 27, 2026|xx min read

![Image 3: Metasploit Wrap-Up 03/27/2026](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fwww.rapid7.com%2Fcdn%2Fimages%2Fblt0d50271a40a5f14f%2F6849ab419621d9f3824d5017%2Fmetasploit-sky.png&w=3840&q=75)

## Better NTLM Relaying Functionality

This week’s release brings an improvement to the SMB NTLM relay server. In the past, it’s support has been expanded with modules for relaying to HTTP (ESC8), MSSQL and LDAP while still receiving connections over the humble SMB service. Prior to this release, clients required a key behavior in how they handled SMB’s STATUS_NETWORK_SESSION_EXPIRED error code, in order to relay a single authentication attempt to multiple targets. Most clients other than Window’s “net use” do not handle these errors and were thus incompatible with Metasploit SMB NTLM relaying capabilities. Now, when a single target is specified, Metasploit alters its relaying strategy to forward the Net-NTLM messages immediately, making it compatible with a broader range of clients including Linux’s smbclient. In addition, the client in RubySMB was updated to mimic the behaviour of “net use” allowing authentication attempts from RubySMB to be relayed to multiple targets successfully.

## New module content (3)

### ESC/POS Printer Command Injector

Author: FutileSkills

Type: Auxiliary

Pull request:[#20478](https://github.com/rapid7/metasploit-framework/pull/20478)contributed by[futileskills](https://github.com/futileskills)

Path:admin/printer/escpos_tcp_command_injector

Description: Adds a new auxiliary module that exploits CVE-2026-23767, an unauthenticated ESC/POS command vulnerability in networked Epson-compatible printers. The vulnerability allows an attacker to send crafted commands over the network to inject custom ESC/POS print commands, which are used in various receipt printers.

### Eclipse Che machine-exec Unauthenticated RCE

Authors: Greg Durys[gregdurys.security@proton.me](mailto:gregdurys.security@proton.me)and Richard Leach

Type: Exploit

Pull request:[#20835](https://github.com/rapid7/metasploit-framework/pull/20835)contributed by[GregDurys](https://github.com/GregDurys)

Path:linux/http/eclipse_che_machine_exec_rce

AttackerKB reference:[CVE-2025-12548](https://attackerkb.com/search?q=CVE-2025-12548&referrer=blog)

Description: This adds a module for CVE-2025-12548, an unauthenticated RCE in the Eclipse Che machine-exec service. The vulnerability allows attackers to connect over WebSocket on port 3333 and execute commands via JSON-RPC without authentication. This affects Red Hat OpenShift DevSpaces environments.

### Barracuda ESG TAR Filename Command Injection

Authors: Curt Hyvarinen, Mandiant, and cfielding-r7

Type: Exploit

Pull req […]

[… 3,233 Zeichen — nächste Zone: keyword-dense paragraphs …]

[![Image 9: Metasploit Wrap-Up 03/20/2026](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblte4f029e766e6b253%2Fblt7464fe659cab8a01%2F6852c358419e54d8e21c3458%2Fblog-metasploit-wrap-up-.webp%3Fauto%3Davif&w=1920&q=75) Products and Tools ### Metasploit Wrap-Up 04/10/2026 ![Image 10: Dean Welch's avatar](https://www.rapid7.com/default-author-image.svg) Simon Janusz](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-10-2026/)[![Image 11: Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblte4f029e766e6b253%2Fblt0475760a2990dfd7%2F6849ab41a770d7563190a3ea%2Fmetasploit-fence.png%3Fauto%3Davif&w=1920&q=75) Products and Tools ### Metasploit Wrap-Up 04/03/2026 ![Image 12: Dean Welch's avatar](https://www.rapid7.com/default-author-image.svg) Simon Janusz](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-03-2026/)[![Image 13: Metasploit Wrap-Up 03/20/2026](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblte4f029e766e6b253%2Fblt7464fe659cab8a01%2F6852c358419e54d8e21c3458%2Fblog-metasploit-wrap-up-.webp%3Fauto%3Davif&w=1920&q=75) Products and Tools ### Metasploit Wrap-Up 03/20/2026 ![Image 14: Brendan Watters's avatar](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblte4f029e766e6b253%2Fblt7406fe18cbffbbda%2F684acdad4c53c830c2e85e25%2FBrendan-Waters.jpeg&w=64&q=75) Brendan Watters](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-20-2026/)[![Image 15: Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/_next/image/?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblte4f029e766e6b253%2Fblt0475760a2990dfd7%2F6849ab41a770d7563190a3ea%2Fmetasploit-fence.png%3Fauto%3Davif&w=1920&q=75) Products and Tools ### Metasploit Wrap-Up 03/13/2026 ![Image 16: Dean Welch's avatar](https://www.rapid7.com/default-author-image.svg) Dean Welch](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026/)

* [#20967](https://github.com/rapid7/metasploit-framework/pull/20967)from[jheysel-r7](https://github.com/jheysel-r7)- This fix an issue that prevents successful authentication relay from Ruby SMB Client and smbclient.

[![Image 4: LinkedIn](https://www.rapid7.com/linkedin-logo.svg)](https://www.linkedin.com/shareArticle?mini=true&url=https%3 […]

[… 2,792 Zeichen — nächste Zone: tail …]

* [Partner Programs](https://www.rapid7.com/partners/)

* [Investors](https://investors.rapid7.com/)

* [Careers](https://careers.rapid7.com/)

### Stay Informed

* [Blog](https://www.rapid7.com/blog/)

* [Emergent Threat Response](https://www.rapid7.com/blog/tag/emergent-threat-response/)

* [Webinars & Events](https://www.rapid7.com/about/events-webcasts/)

* [Rapid7 Labs Research](https://www.rapid7.com/research/)

* [Vulnerability Database](https://www.rapid7.com/db/)

* [Security Fundamentals](https://www.rapid7.com/fundamentals/)

### For Customers

* [Sign In](https://insight.rapid7.com/saml/SSO)

* [Support Portal](https://www.rapid7.com/for-customers/)

* [Product Documentation](https://docs.rapid7.com/)

* [Extension Library](https://extensions.rapid7.com/)

* [Rapid7 Academy](https://academy.rapid7.com/)

* [Customer Escalation Portal](https://information.rapid7.com/Customer-Escalation.html)

### Contact Support

* [+1-866-390-8113](tel:+1-866-390-8113)

### Follow Us

[![Image 18: LinkedIn icon](https://www.rapid7.com/icons/footer/icon-linkedin.svg) LinkedIn](https://www.linkedin.com/company/39624)[![Image 19: X (Twitter) icon](https://www.rapid7.com/icons/footer/icon-twitter.svg) X (Twitter)](https://twitter.com/Rapid7)[![Image 20: Facebook icon](https://www.rapid7.com/icons/footer/icon-facebook.svg) Facebook](https://www.facebook.com/rapid7)[![Image 21: Instagram icon](https://www.rapid7.com/icons/footer/icon-instagram.svg) Instagram](https://www.instagram.com/rapid7/)[![Image 22: Bluesky icon](https://www.rapid7.com/icons/footer/icon-bluesky.svg) Bluesky](https://bsky.app/profile/rapid7.com)

© Rapid7

[Legal Terms](https://www.rapid7.com/legal/)[Privacy Policy](https://www.rapid7.com/privacy-policy/)[Export Notice](https://www.rapid7.com/export-notice/)[Trust](https://www.rapid7.com/trust/)[Cookie List](https://www.rapid7.com/cookie-list/)[Accessibility Statement](https://www.rapid7.com/legal/website-accessibility-statement/)