MetasploitLatest Metasploit update is out with unauthenticated RCE for Grandstream GXP1600 VoIP devices, enabling credential harvesting and SIP interception. Also included is critical support for BeyondTrust PRA/RS command injection (CVE-2026-1731), plus a serious Ollama RCE (CVE-2024-37032).
Check out the wrap up at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-02-27-2026/
Metasploit Wrap-Up 02/27/2026
Stay ahead of threats with the latest Metasploit Framework release! This update introduces critical exploit modules for Ollama Path Traversal RCE (CVE-2024-37032) and Grandstream GXP1600 RCE (CVE-2026-2329), which also includes post-modules for credential harvesting and SIP interception. Find updated support for BeyondTrust PRA/RS command injection (CVE-2026-1731) and a new ARM64 RC4 Packer for advanced evasion. Plus, benefit from enhancements to classic modules (Unreal IRCd, vsftpd), and key bug fixes for auxiliary scanners (GraphQL, LDAP ESC). Update your framework for the newest penetration testing firepower.