MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

2026-05-05

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A critical PHP code injection vulnerability (CVE-2026-29014, CVSS 9.8) in MetInfo CMS versions 7.9, 8.0, and 8.1 is being actively exploited for remote code execution attacks.

•The vulnerability exists in the weixinreply.class.php script due to insufficient input sanitization in WeChat API requests, allowing unauthenticated remote attackers to execute arbitrary PHP code
•Patches were released on April 7, 2026, but exploitation began around April 25 with automated probing attempts in the U.S. and Singapore
•A significant surge in exploitation activity occurred on May 1, 2026, with focus on Chinese and Hong Kong IP addresses
•Approximately 2,000 MetInfo CMS instances are accessible online, with most located in China

This summary was automatically generated by AI based on the original article and may not be fully accurate.

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)