Human
Machine
REPRO-2026-00130 CRITICAL Command Injection
Verified
pymetasploit3 command injection
DanMcInerney/pymetasploit3 (PyPI) Apr 4, 2026
What's the vulnerability?
CVE-2026-5463 is a command injection in pymetasploit3 where module option values are concatenated into Metasploit console commands without newline sanitization.
Root Cause Analysis
Variant Analysis
Bypass and alternate trigger exploration (if present).
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00130 or
pruva-verify CVE-2026-5463 Install:
curl -fsSL https://pruva.dev/install.sh | sh Or Run Manually
1
Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00130/artifacts/repro/reproduction_steps.sh 2
Make executable
chmod +x reproduction_steps.sh 3
Run the script
./reproduction_steps.sh Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Watch the AI agent's step-by-step process.
Loading session...
Artifacts
repro/rca_report.md7.7 KBrepro/reproduction_steps.sh3.1 KBvuln_variant/rca_report.md5.8 KBvuln_variant/reproduction_steps.sh2.1 KBbundle/ticket.json3.0 KBbundle/AGENTS.repro.md0.7 KBbundle/ticket.md2.5 KBrepro/runtime_manifest.json0.6 KBrepro/reproduction_steps.py23.9 KBrepro/validation_verdict.json0.7 KBrepro/logs/attack_chain.json0.8 KBrepro/logs/reproduction_result.json1.0 KBrepro/logs/injection_test_results.json0.3 KBrepro/logs/auth_test_results.json0.3 KBrepro/logs/code_analysis.log0.1 KBrepro/logs/captured_console_command.txt1.3 KBrepro/logs/reproduction_output.log4.3 KBvuln_variant/variant_manifest.json3.5 KBvuln_variant/source_identity.json0.8 KBvuln_variant/patch_analysis.md4.0 KBvuln_variant/validation_verdict.json0.9 KBvuln_variant/variant_tests.py7.6 KBvuln_variant/logs/variant_manifest.json1.3 KBvuln_variant/logs/variant_output.log1.6 KBvuln_variant/root_cause_equivalence.json1.9 KB