Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Rapid7’s Metasploit Framework update introduces new scanners and an exploit module, including a Next.js Middleware Authorization Bypass scanner for CVE-2025-29927, a LiteLLM proxy pre-auth SQL injection scanner for CVE-2026-42208, and an unauthenticated Audiobookshelf API authentication bypass scanner for CVE-2025-25205 (fixed in 2.19.1 for affected releases 2.17.0–2.19.0). The release also adds a Dalfox found-action deserialization RCE exploit for Dalfox Server versions <= 2.12.0 tied to CVE-2026-45087. These additions matter because they help detect and potentially validate high-impact pre-auth and authorization flaws, as well as remote code execution via unsafe deserialization paths.
We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of how evasive capabilities are implemented in Metasploit Framework. The proposal for the changes can be found here, and you can submit your responses to the form here. The form will stop accepting responses on the 1st of July, 2026.…