EIP-2026-103983

PRE-CVE

Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103983. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits the diagnostic console feature in Metasploit Web UI to execute arbitrary commands via authenticated access. It automates login, enables the console if disabled, and injects payloads through the console interface.

Description

Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/40415

View Code ZIP pw:eip

This Metasploit module exploits the diagnostic console feature in Metasploit Web UI to execute arbitrary commands via authenticated access. It automates login, enables the console if disabled, and injects payloads through the console interface.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Metasploit Community (4.1.0, 4.8.2, 4.12.0), Metasploit Pro, Metasploit Express

Auth required

Prerequisites: Valid credentials for Metasploit Web UI · Diagnostic console accessible (or ability to enable it)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026