VYPR
Published May 1, 2026 · Updated May 18, 2026 · 1 source

Metasploit Framework Ships Exploit for 'Copy Fail' Linux Kernel LPE and Debuts AI Integration Server

Rapid7's latest Metasploit release includes an exploit module for the 'Copy Fail' Linux kernel privilege escalation bug (CVE-2026-31431) and a read-only MCP server that lets AI agents query Metasploit data.

Rapid7 has released the May 1, 2026 edition of the Metasploit Framework, headlined by a local privilege escalation exploit for a critical Linux kernel vulnerability nicknamed 'Copy Fail.' The update also introduces a new Model Context Protocol (MCP) server that allows AI tools to query Metasploit's module and reconnaissance data, marking a significant step toward AI-assisted penetration testing.

The centerpiece of the release is an exploit module for CVE-2026-31431, a logic flaw in the Linux kernel's cryptographic APIs that affects nearly every kernel version since 2017. Dubbed 'Copy Fail,' the vulnerability allows an unprivileged local attacker to gain root access by replacing the 'su' binary in the page cache with a malicious ELF file. The Metasploit module, contributed by zeroSteiner, targets AMD64 and AARCH64 architectures, with additional platforms planned for future updates. A public proof-of-concept exploit was released earlier this week, and Rapid7 has now integrated it directly into the framework.

The Copy Fail exploit works by leveraging a flaw in the kernel's AF_ALG and authencesn subsystems to write arbitrary data into the page cache. By overwriting the 'su' binary, an attacker can execute arbitrary commands with root privileges. The module automatically determines the target architecture and allows users to specify custom command payloads. Given the widespread impact of the vulnerability—affecting virtually all Linux distributions running kernels from the past nine years—the inclusion of this exploit in Metasploit lowers the barrier for both security researchers and malicious actors.
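Because the replacement described above lives in the page cache rather than on disk, one defender-side check is to hash a setuid binary through the normal read path and again through O_DIRECT, which bypasses the cache. The script below is an added example, not code from Rapid7 or the Metasploit module; it assumes a filesystem that honours O_DIRECT (ext4/xfs style, not tmpfs or some overlay setups) and that the tampered pages have not been written back to disk.

```python
import errno
import hashlib
import mmap
import os

# O_DIRECT needs aligned buffers and block-multiple sizes; an anonymous
# mmap is page-aligned, and 4096 * 64 is a multiple of any common block size.
BLOCK = 4096 * 64


def sha256_buffered(path):
    """Hash the file via the ordinary read path, i.e. the page-cache view."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def sha256_direct(path):
    """Hash the file with O_DIRECT so the blocks come from the backing store."""
    h = hashlib.sha256()
    fd = os.open(path, os.O_RDONLY | os.O_DIRECT)
    buf = mmap.mmap(-1, BLOCK)
    try:
        while True:
            n = os.readv(fd, [buf])  # short read at EOF is expected
            if n == 0:
                break
            h.update(buf[:n])
    finally:
        buf.close()
        os.close(fd)
    return h.hexdigest()


def check_page_cache_tamper(path):
    """Return (status, cached_digest, direct_digest).

    'match'       : cached and on-disk views agree
    'mismatch'    : they differ, which is what a page-cache-only
                    replacement of the binary looks like
    'unsupported' : the filesystem refuses O_DIRECT, so no verdict
    """
    cached = sha256_buffered(path)
    try:
        direct = sha256_direct(path)
    except OSError as e:
        if e.errno in (errno.EINVAL, errno.ENOTSUP):
            return ("unsupported", cached, None)
        raise
    return ("match" if cached == direct else "mismatch", cached, direct)


if __name__ == "__main__":
    # Assumed location of su; adjust for the distribution being checked.
    print("/usr/bin/su", *check_page_cache_tamper("/usr/bin/su"))
```

A 'mismatch' on a binary that the package manager reports as unmodified on disk is the signal worth alerting on; a 'match' is not proof of absence if the cache has since been evicted or flushed.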

Alongside the exploit, the release includes a new auxiliary module for NTLM relay attacks. The 'Microsoft Windows HTTP to LDAP Relay' module, contributed by jheysel-r7, enables attackers to relay NTLM authentication from HTTP to LDAP. On success, it opens an authenticated LDAP session, allowing the operator to interact with the LDAP service in the context of the relayed identity. This module expands Metasploit's already extensive NTLM relay capabilities and is particularly useful in Active Directory environments where HTTP endpoints can be coerced into authenticating.

Perhaps the most forward-looking addition is the Metasploit MCP Server (msfmcpd), implemented by cdelafuente-r7. It speaks the Model Context Protocol, a standard interface through which AI applications such as Claude, Cursor, or custom agents can query Metasploit data. The initial release is read-only, exposing eight standardized tools for searching modules and pulling reconnaissance data from the database. Future iterations are expected to add support for module execution, session interaction, and database modifications. The server is built on the official Ruby MCP SDK and is fully documented on the Metasploit docsite.

The release also includes several enhancements to module check code messages and statuses, contributed by adfoster-r7 across multiple pull requests. These improvements aim to provide clearer feedback during vulnerability scanning and exploitation attempts. No bug fixes were included in this cycle.

The addition of the MCP server reflects a broader industry trend toward integrating AI into security tooling. By providing a standardized interface for AI agents to access Metasploit's capabilities, Rapid7 is positioning the framework as a key component in autonomous and AI-assisted security testing workflows. The Copy Fail exploit, meanwhile, underscores the ongoing challenge of securing the Linux kernel against local privilege escalation attacks, especially as public exploits become readily available in widely used penetration testing tools.

Synthesized by Vypr AI