Skip to content

Secure IT

Stay Secure. Stay Informed.

Primary Menu
  • Home
  • Sources
    • Krebs On Security
    • Security Week
    • The Hacker News
    • Schneier On Security
  • Home
  • The Hacker News
  • MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
  • The Hacker News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

[email protected] The Hacker News Published: May 5, 2026 | Updated: May 9, 2026 2 min read
0 views

Ravie LakshmananMay 05, 2026Vulnerability / Network Security

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.

The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.

“MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code,” the NIST National Vulnerability Database (NVD) states.

“Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.”

Per security researcher Egidio Romano, who discovered the vulnerability, the problem is rooted in the “/app/system/weixin/include/class/weixinreply.class.php” script, and stems from a lack of adequate sanitization of user-supplied input when issuing Weixin (aka WeChat) API requests.

As a result, remote, unauthenticated attackers could exploit this loophole to inject and execute arbitrary PHP code. One key prerequisite for successful exploitation when MetInfo is running on non-Windows servers is that the “/cache/weixin/” directory has to exist beforehand.The directory is created when installing and configuring the official WeChat plugin. 

Patches for CVE-2026-29014 were released by MetInfo on April 7, 2026. The vulnerability has since come under exploitation as of April 25, with a “small number of exploits” deployed against susceptible honeypots located in the U.S. and Singapore.

Although these efforts were initially sparse and associated with automated probing, the activity witnessed a surge on May 1, 2026, focusing on China and Hong Kong IP addresses, Caitlin Condon, vice president of security research at VulnCheck, said. As many as 2,000 instances of MetInfo CMS are accessible online, most of which are in China.

About The Author

[email protected] The Hacker News

See author's posts

Original post here

What do you feel about this?

  • The Hacker News

Post navigation

Previous: We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
Next: The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Author's Other Posts

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now cpanel-3.jpg

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

May 9, 2026 0 1
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms banking.jpg

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

May 9, 2026 0 0
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads android-calls.jpg

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

May 9, 2026 0 0
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches zz-webinar.jpg

One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches

May 9, 2026 0 1

Related Stories

cpanel-3.jpg
  • The Hacker News

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

[email protected] The Hacker News May 9, 2026 0 1
banking.jpg
  • The Hacker News

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

[email protected] The Hacker News May 9, 2026 0 0
android-calls.jpg
  • The Hacker News

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

[email protected] The Hacker News May 9, 2026 0 0
zz-webinar.jpg
  • The Hacker News

One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches

[email protected] The Hacker News May 9, 2026 0 1
kube.jpg
  • The Hacker News

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

[email protected] The Hacker News May 9, 2026 0 0
ai-soc.jpg
  • The Hacker News

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

[email protected] The Hacker News May 9, 2026 0 1

Trending Now

Who Runs the Ransomware Group ‘The Gentlemen?’ Who Runs the Ransomware Group ‘The Gentlemen?’ 1

Who Runs the Ransomware Group ‘The Gentlemen?’

June 10, 2026 0 0
A Record-Breaking Patch Tuesday for June 2026 2

A Record-Breaking Patch Tuesday for June 2026

June 9, 2026 0 0
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 3

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

June 1, 2026 0 0
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 4

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

May 25, 2026 0 0

Connect with Us

Social menu is not set. You need to create menu and assign it to Social Menu on Menu Settings.

Trending News

Who Runs the Ransomware Group ‘The Gentlemen?’ Who Runs the Ransomware Group ‘The Gentlemen?’ 1
  • Uncategorized

Who Runs the Ransomware Group ‘The Gentlemen?’

June 10, 2026 0 0
A Record-Breaking Patch Tuesday for June 2026 2
  • Uncategorized

A Record-Breaking Patch Tuesday for June 2026

June 9, 2026 0 0
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts 3
  • Uncategorized

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

June 1, 2026 0 0
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks 4
  • Uncategorized

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

May 25, 2026 0 0
Lawmakers Demand Answers as CISA Tries to Contain Data Leak Lawmakers Demand Answers as CISA Tries to Contain Data Leak 5
  • Uncategorized

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

May 22, 2026 0 0
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 6
  • Uncategorized

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

May 21, 2026 0 0
CISA Admin Leaked AWS GovCloud Keys on Github CISA Admin Leaked AWS GovCloud Keys on Github 7
  • Uncategorized

CISA Admin Leaked AWS GovCloud Keys on Github

May 18, 2026 0 0

You may have missed

Who Runs the Ransomware Group ‘The Gentlemen?’
  • Uncategorized

Who Runs the Ransomware Group ‘The Gentlemen?’

Sean June 10, 2026 0 0
  • Uncategorized

A Record-Breaking Patch Tuesday for June 2026

Sean June 9, 2026 0 0
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
  • Uncategorized

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Sean June 1, 2026 0 0
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
  • Uncategorized

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Sean May 25, 2026 0 0
Copyright © 2026 All rights reserved. | MoreNews by AF themes.