MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks Ravie LakshmananMay 05, 2026Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code," the NIST National Vulnerability Database (NVD) states. "Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server." Per security researcher Egidio Romano, who discovered the vulnerability, the problem is rooted in the "/app/system/weixin/include/class/weixinreply.class.php" script, and stems from a lack of adequate sanitization of user-supplied input when issuing Weixin (aka WeChat) API requests. As a result, remote, unauthenticated attackers could exploit this loophole to inject and execute arbitrary PHP code. One key prerequisite for successful exploitation when MetInfo is running on non-Windows servers is that the "/cache/weixin/" directory has to exist beforehand.The directory is created when installing and configuring the official WeChat plugin.  Patches for CVE-2026-29014 were released by MetInfo on April 7, 2026. The vulnerability has since come under exploitation as of April 25, with a "small number of exploits" deployed against susceptible honeypots located in the U.S. and Singapore. Although these efforts were initially sparse and associated with automated probing, the activity witnessed a surge on May 1, 2026, focusing on China and Hong Kong IP addresses, Caitlin Condon, vice president of security research at VulnCheck, said. As many as 2,000 instances of MetInfo CMS are accessible online, most of which are in China. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  content management system, cybersecurity, network security, Open Source Software, remote code execution, Vulnerability, web security ⚡ Top Stories This Week LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories Vercel Finds More Compromised Accounts in Context.ai-Linked Breach Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking and More Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software Load More ▼ ⭐ Featured Resources Learn How Hidden Identity Blind Spots Weaken Your Security Systems [Webinar] Stop Chasing Alerts and Start Focusing on Real Exposures [Guide] How to Enable Secure Data Movement Without Added Risk [Guide] Learn a Practical Framework to Evaluate AI Tools for Production