{"id":813,"date":"2026-05-05T14:17:07","date_gmt":"2026-05-05T14:17:07","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=813"},"modified":"2026-05-05T14:17:07","modified_gmt":"2026-05-05T14:17:07","slug":"metinfo-cms-cve-2026-29014-exploited-for-remote-code-execution-attacks","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=813","title":{"rendered":"MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">May 05, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg6SZcQRIb_0i7jqHu2mcl7Ep1hX2C3rwLWwJmBwPHTPE2PvaP9KOHcMkvGAWxLeBFWxmfpW6IXwJqIsxHJvs2nIDc2ASwRwuXNlWFZRtatpMoksz5BRKmCVNSs4BxsrFX0_CGqlHZv_6VNWx6u1wD8dydja_fvpnRLezr_CBLyX-Lj6a2i4wRKxZnGFRen\/s1700-e365\/phph.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.<\/p>\n<p>The vulnerability in question is <strong>CVE-2026-29014<\/strong> (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.<\/p>\n<p>\u00abMetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code,\u00bb the NIST National Vulnerability Database (NVD) <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-29014\">states<\/a>.<\/p>\n<p>\u00abAttackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.\u00bb<\/p>\n<p>Per security researcher Egidio Romano, who <a href=\"https:\/\/karmainsecurity.com\/KIS-2026-06\">discovered<\/a> the vulnerability, the problem is rooted in the \u00ab\/app\/system\/weixin\/include\/class\/weixinreply.class.php\u00bb script, and stems from a lack of adequate sanitization of user-supplied input when issuing Weixin (aka WeChat) API requests.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>As a result, remote, unauthenticated attackers could exploit this loophole to inject and execute arbitrary PHP code. One key prerequisite for successful exploitation when MetInfo is running on non-Windows servers is that the \u00ab\/cache\/weixin\/\u00bb directory has to exist beforehand.The directory is created when installing and configuring the official WeChat plugin.\u00a0<\/p>\n<p>Patches for CVE-2026-29014 were <a href=\"https:\/\/www.metinfo.cn\/news\/2875.html\">released<\/a> by MetInfo on April 7, 2026. The vulnerability has since come under exploitation as of April 25, with a \u00absmall number of exploits\u00bb deployed against susceptible honeypots located in the U.S. and Singapore.<\/p>\n<p>Although these efforts were initially sparse and associated with automated probing, the activity witnessed a surge on May 1, 2026, focusing on China and Hong Kong IP addresses, Caitlin Condon, vice president of security research at VulnCheck, <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7457059523007188992\/\">said<\/a>. As many as 2,000 instances of MetInfo CMS are accessible online, most of which are in China.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802May 05, 2026Vulnerability \/ Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings&hellip;<\/p>\n","protected":false},"author":1,"featured_media":814,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[24,808,10,1525,13,128,1524,12],"class_list":["post-813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-attacks","tag-cms","tag-code","tag-cve202629014","tag-execution","tag-exploited","tag-metinfo","tag-remote"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=813"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/813\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/814"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}