MetInfo CMS CVE-2026-29014 Exploited for RCE Attacks

Threat actors are actively exploiting a critical vulnerability, CVE-2026-29014 (CVSS 9.8), in the open-source content management system (CMS) MetInfo. According to findings from The Hacker News, citing VulnCheck, this is an unauthenticated PHP code injection flaw present in MetInfo CMS versions 7.9, 8.0, and 8.1. The flaw can lead directly to arbitrary code execution, granting attackers full control over compromised systems.

This is a stark reminder that even seemingly niche open-source platforms are not immune from targeted exploitation. The attacker’s calculus here is straightforward: find unpatched, internet-facing instances and gain immediate remote code execution. For defenders, this means any MetInfo CMS instance, especially older versions, is a high-value target that needs immediate attention.

SCW advises organizations using MetInfo CMS to prioritize patching and verify system integrity. Given the active exploitation, assume compromise until proven otherwise. This isn’t theoretical; it’s a live threat demanding urgent action.

What This Means For You

  • If your organization uses MetInfo CMS, immediately identify all instances, especially versions 7.9, 8.0, and 8.1. Prioritize patching for CVE-2026-29014 and conduct a thorough audit for any signs of compromise, including unauthorized files or suspicious activity in web server logs.

🛡️ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

MetInfo CMS PHP Code Injection (CVE-2026-29014): critical, T1190 Initial Access

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-29014 | RCE | MetInfo CMS versions 7.9, 8.0, 8.1
CVE-2026-29014 | Code Injection | unauthenticated PHP code injection