Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 340, Issue 2IT Vendor NewsRapid7

Weekly Metasploit Update: Exploits for FlowiseAI CSV Agent and macOS Package Kit

Rapid7, Saturday, July 11th, 2026

Rapid7's weekly Metasploit update adds exploits for a FlowiseAI CSV agent RCE and a macOS Package Kit issue.

Rapid7 details the latest Metasploit Framework update, highlighting new exploit modules.

One targets CVE-2026-41264, an unauthenticated remote code execution flaw in FlowiseAI's CSV_Agents class that lets attackers upload a CSV containing arbitrary Python code for execution. Another module addresses a macOS Package Kit weakness.

The post summarizes the added modules and improvements available to Metasploit users.

more →  ·  More from Rapid7 →