Metasploit Update: New Exploit Modules for Next.js, LiteLLM, and Audiobookshelf — Detection & Mitigation

This week's update to the Metasploit Framework significantly lowers the barrier to entry for exploiting high-severity vulnerabilities in popular platforms. Security Arsenal is tracking the release of new modules targeting Next.js (Middleware Authorization Bypass), LiteLLM (Proxy SQL Injection), and Audiobookshelf (Unauthenticated API Bypass and Deserialization RCE).

The addition of these modules to Metasploit transforms proof-of-concept code into automated, scalable attack tools available to the masses. The window between disclosure and widespread exploitation has effectively closed. Defenders must assume active scanning is underway and prioritize immediate inventorying and patching of affected instances. Additionally, the Metasploit team is soliciting feedback on future evasion capabilities until July 1, 2026; we strongly recommend security leaders participate to shape the tool's defensive utility.

Technical Analysis

The release includes modules that target critical flaws in three distinct technology stacks:

1. Next.js Middleware Authorization Bypass

• Affected Component: Next.js Middleware.
• Vulnerability: A logic flaw allowing attackers to bypass authentication controls enforced by the middleware layer.
• Impact: Unauthorized access to protected routes and data, potentially leading to data exfiltration or account takeover.
• Exploitation Status: Automated scanning is now viable via the new Metasploit module.

2. LiteLLM Proxy SQL Injection

• Affected Component: LiteLLM Proxy.
• Vulnerability: SQL Injection (SQLi) within the proxy handling logic.
• Impact: Allows attackers to interact with the backend database, potentially extracting sensitive API keys, logs, or user data. In some configurations, this may lead to Remote Code Execution (RCE) on the host.
• Exploitation Status: High risk. SQLi is a favorite target for automated bots.

3. Audiobookshelf Critical Code Execution

• Affected Component: Audiobookshelf API.
• Vulnerabilities: Unauthenticated API authentication bypass and Deserialization.
• Impact: Critical. The deserialization flaw allows for arbitrary code execution on the server with the privileges of the Audiobookshelf service.
• Exploitation Status: The combination of auth bypass followed by RCE makes this a "wormable" candidate in unsegmented networks.

Detection & Response

Detection of these vulnerabilities requires monitoring web application logs for exploitation attempts and endpoint telemetry for successful code execution. While no specific CVEs are listed in this week's summary, the techniques (SQLi, Deserialization, Auth Bypass) provide clear signal.

Sigma Rules

These rules target the exploitation techniques associated with the new Metasploit modules.

---
title: Potential LiteLLM SQL Injection via Metasploit
id: 8a4b2c19-d4e5-4f6g-7h8i-9j0k1l2m3n4o
status: experimental
description: Detects potential SQL injection attempts targeting LiteLLM proxy endpoints, often used by Metasploit modules.
references:
 - https://www.rapid7.com/blog/post/pt-weekly-metasploit-update-modules-for-audiobookshelf-litellm-next-js-dalfox-and-more
author: Security Arsenal
date: 2026/04/10
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
  product: nginx
detection:
  selection:
    cs-method: 'POST'
    cs-uri-query|contains:
      - 'UNION SELECT'
      - 'OR 1=1'
      - 'sleep('
  filter:
    cs-uri-query|contains: 'litellm'
falsepositives:
  - Legitimate penetration testing
level: high
---
title: Audiobookshelf Deserialization Anomaly
did: 9b5c3d20-e5f6-0g7h-8i9j-0k1l2m3n4o5p
status: experimental
description: Detects Java serialization payloads or suspicious content-types often associated with deserialization exploits in Audiobookshelf.
references:
 - https://www.rapid7.com/blog/post/pt-weekly-metasploit-update-modules-for-audiobookshelf-litellm-next-js-dalfox-and-more
author: Security Arsenal
date: 2026/04/10
tags:
  - attack.initial_access
  - attack.execution
  - attack.t1190
logsource:
  category: webserver
  product: apache
detection:
  selection:
    cs-uri-query|contains:
      - 'api/'
    cs-content-type|contains:
      - 'application/x-java-serialized-object'
      - 'application/octet-stream'
  condition: selection
falsepositives:
  - Rare administrative usage
level: critical

KQL (Microsoft Sentinel / Defender)

Hunt for SQLi errors and Next.js middleware anomalies in your HTTP logs (CommonSecurityLog or Syslog).

// Hunt for LiteLLM and Next.js exploitation attempts
CommonSecurityLog
| where DeviceProduct in ("NGINX", "Apache", "Envoy")
| where RequestMethod == "POST"
| where RequestURL contains "/" 
| where spoofed == "false"
| extend IsSQLi = iff(RequestURL has "UNION" or RequestURL has "SELECT" or RequestURL has "1=1" or RequestURL has "sleep(", true, false)
| extend IsDeserialization = iff(ContentType has "java-serialized" or ContentType has "octet-stream", true, false)
| where IsSQLi or IsDeserialization
| project TimeGenerated, SourceIP, DestinationIP, RequestURL, UserAgent, IsSQLi, IsDeserialization
| top 100 by TimeGenerated desc

Velociraptor VQL

Hunt for successful code execution resulting from these web exploits, focusing on unexpected child processes spawned by web service accounts (e.g., node for Next.js/LiteLLM or java/other runtimes for Audiobookshelf).

-- Hunt for suspicious child processes spawned by web application services
SELECT Pid, Name, CommandLine, Exe, Username, ParentPid
FROM pslist()
WHERE ParentPid IN (
    SELECT Pid FROM pslist() WHERE Name =~ 'node'
     OR Name =~ 'python'
     OR Name =~ 'java'
)
  AND Name IN ('cmd.exe', 'powershell.exe', 'bash', 'sh', 'curl', 'wget')
  AND Exe NOT IN ('C:\\Windows\\System32\\cmd.exe', '/usr/bin/bash')

Remediation Script

This Bash script assists in identifying running instances of Next.js, LiteLLM, and Audiobookshelf on Linux-based hosts to facilitate patching.

#!/bin/bash
# Security Arsenal - Vulnerability Check Script
# Checks for running instances of Next.js, LiteLLM, and Audiobookshelf

echo "Checking for vulnerable services..."

# Check for Next.js (Node.js processes typically on port 3000 or using next start)
echo "[+] Checking for Next.js/Node processes..."
if pgrep -f "node.*next" > /dev/null; then
    echo "WARNING: Next.js process detected."
    ps aux | grep "node.*next"
else
    echo "No Next.js processes detected."
fi

# Check for LiteLLM (often runs as python litellm or in Docker)
echo "[+] Checking for LiteLLM processes..."
if pgrep -f "litellm" > /dev/null; then
    echo "WARNING: LiteLLM process detected."
    ps aux | grep "litellm"
else
    echo "No LiteLLM processes detected."
fi

# Check for Audiobookshelf (often runs on port 13378 or via Docker)
echo "[+] Checking for Audiobookshelf processes..."
if pgrep -f "audiobookshelf" > /dev/null; then
    echo "WARNING: Audiobookshelf process detected."
    ps aux | grep "audiobookshelf"
else
    echo "No Audiobookshelf processes detected."
fi

# Check for exposed ports (basic heuristic)
echo "[+] Checking for listening ports associated with these services..."
netstat -tuln | grep -E ':(3000|4000|13378)'

echo "Remediation: Update all identified services to their latest stable versions immediately."

Remediation

Immediate action is required to secure these environments:

1. Patch Immediately:

   • Next.js: Update to the latest version. Review middleware logic to ensure strict authorization checks.
   • LiteLLM: Update to the latest patched version immediately. Sanitize all proxy inputs and enforce parameterized queries.
   • Audiobookshelf: Update to the latest version. If the appliance is exposed to the internet, move it behind a VPN immediately.

2. Network Segmentation: Ensure these services are not directly exposed to the public internet. Place them behind a Web Application Firewall (WAF) or an authentication proxy (e.g., OAuth2, OIDC).

3. WAF Configuration: Update WAF rules to block SQL injection syntax (for LiteLLM) and requests containing serialized payloads (for Audiobookshelf).

4. Participate in Metasploit Feedback: Visit the Rapid7 proposal page and submit your feedback on evasion capabilities before the July 1, 2026 deadline. Your input will help shape how future offensive tools interact with your defenses.

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub