What does the new Metasploit NTLM relay update do?

It makes SMB relaying work with more clients like Linux smbclient by forwarding Net-NTLM immediately to single targets, ditching the old error-handling quirk.

Will Metasploit's printer exploit hit my business?

If you're running networked Epson-compatible receipt printers exposed to the internet or LAN, yes — CVE-2026-23767 allows unauth command injection.

How to update Metasploit for these new modules?

Run msfupdate, or git pull master branch. Check GitHub for PR details.

🛡️ Security Tools

Metasploit's March 2026 Update Arms Attackers Against Printers, Dev Spaces, and Email Gateways

Picture your local store's receipt printer spitting out garbage — or worse, attacker commands. Metasploit's freshest update just made that nightmare easier, alongside RCE hits on dev tools and email appliances.

CVE Watch Apr 11, 2026 4 min read

Metasploit console showing new NTLM relay module in action

⚡ Key Takeaways

NTLM relaying now supports broader clients like smbclient, easing SMB attacks. 𝕏
New exploits target overlooked devices: receipt printers (CVE-2026-23767), Eclipse Che RCE (CVE-2025-12548), Barracuda ESG (CVE-2023-2868). 𝕏
Routine bug fixes and enhancements keep Metasploit reliable for pentesters — and a headache for defenders. 𝕏

Published by

CVE Watch

Threat intelligence. Zero noise.

#Barracuda ESG #CVE-2026-23767 #Eclipse Che RCE #Metasploit #NTLM Relay #exploit modules #penetration testing

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Rapid7 Blog

⚡ Key Takeaways

The 60-Second TL;DR

CVE Watch

Share this article

Worth sharing?

Related Stories

Metasploit's April Arsenal: RCE for FreeScout, Grav CMS, and a Ghostly Windows Logon Trick

Your Pentest Bot Went Quiet: The Hidden Gaps Killing Your Security

Metasploit's March 2026 Punch: FreePBX and AVideo Ripe for Ransack

Chrome's DBSC Finally Ships: Session Theft's Days Are Numbered

Stay in the loop