MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
ATT&CK techniques detected
T1190Exploit Public-Facing Application
99%
“metinfo cms cve - 2026 - 29014 exploited for remote code execution attacks threat actors are actively exploiting a critical security flaw impacting an open - source content management system ( cms ) known as metinfo, according to new findings from vulncheck. the vulnerability in …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
91%
“and stems from a lack of adequate sanitization of user - supplied input when issuing weixin ( aka wechat ) api requests. as a result, remote, unauthenticated attackers could exploit this loophole to inject and execute arbitrary php code. one key prerequisite for successful exploi…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code