RAPID7 CYBERSECURITY BLOG
Metasploit Wrap-Up 05/01/2026
KEV CRITICAL Linux CVE-2026-31431 Linux kernel LPE Metasploit
Strategic Summary
Public PoC and Metasploit module for a Linux kernel cryptographic API logic flaw enabling local privilege escalation on AMD64/AARCH64 systems.
Relevance for you
Public PoC and Metasploit module for a Linux kernel cryptographic API logic flaw enabling local privilege escalation on AMD64/AARCH64 systems.
Mentioned CVEs
Risk Score
100
- cvss base: 78.00
- kev bonus: 20.00
- epss bonus: 0.00
- poc bonus: 15.00
- raw before weight: 113.00
- industry weight: 1.30
- freshness factor: 1.00
- days old: 0.00
Path: operational
MITRE ATT&CK Mapping
2 TTPs
- Recon
- Resource Dev
- Initial Access
- Execution
- Persistence
- Priv. Escal.: T1068 Exploitation for Privilege Escalation
- Def. Evasion
- Cred. Access: T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
- Discovery
- Lateral Mov.
- Collection
- C2
- Exfiltration
- Impact
Procedure Details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1068 Exploitation for Privilege Escalation | Privilege Escalation | CVE-2026-31431 is described as a Linux Local Privilege Escalation (LPE) vulnerability with a public PoC, exploited via a new Metasploit module called 'Copy Fail' to gain elevated privileges on Linux systems. | high | llm |
| T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay | Credential Access | A new Metasploit module 'Microsoft Windows HTTP to LDAP Relay' relays NTLM authentication from HTTP to LDAP, opening an authenticated LDAP session in the context of the relayed identity to interact with Active Directory. | high | llm |