EIP-2026-103982

PRE-CVE

Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103982. PoCs published by 0a29406d9794e4f9b30b3c5d6702c708.

AI-analyzed exploit summary This Metasploit module exploits a predictable filename vulnerability in the 'pcap_log' plugin (Metasploit < 4.4) to create a hard link to /etc/passwd, allowing privilege escalation by injecting a privileged user entry via UDP.

Description

Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by 0a29406d9794e4f9b30b3c5d6702c708 · rubyremotemultiple

https://www.exploit-db.com/exploits/21927

View Code ZIP pw:eip

This Metasploit module exploits a predictable filename vulnerability in the 'pcap_log' plugin (Metasploit < 4.4) to create a hard link to /etc/passwd, allowing privilege escalation by injecting a privileged user entry via UDP.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Metasploit Framework < 4.4

No auth needed

Prerequisites: Access to a session on the target system · Metasploit Framework < 4.4 with pcap_log plugin enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026