Vulnerability Description
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a static location. This static location would be writable by a pre-existing "vagrant" user, if they already existed on the system. Metasploit does not create local accounts, an Administrator would need to create it. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits the unprivileged vagrant user to bypass security controls and achieve a full host compromise under the agent's SYSTEM level access.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-7373?
CVE-2026-7373 is a documented vulnerability. Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start ...
How severe is CVE-2026-7373?
CVSS scoring is not yet available for CVE-2026-7373. Check NVD for updates.
Is there a patch for CVE-2026-7373?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.