EIP-2026-103134
PRE-CVEHashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-103134. PoCs published by Metasploit.
AI-analyzed exploit summary This Metasploit module exploits Hashicorp Consul's rexec feature to achieve remote command execution by creating a session, setting a command, and triggering execution via the Consul API.
Description
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/46073
This Metasploit module exploits Hashicorp Consul's rexec feature to achieve remote command execution by creating a session, setting a command, and triggering execution via the Consul API.
Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
Hashicorp Consul (versions with DisableRemoteExec not set to true)
Auth required
Prerequisites:
Network access to Consul API (port 8500 by default) · Consul agent with rexec enabled (DisableRemoteExec not set to true) · Optional ACL token if authentication is enabled
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026