Threat actors actively exploit CVE-2026-29014, a critical unauthenticated code injection vulnerability in MetInfo CMS versions 7.9, 8.0, and 8.1. The flaw carries a CVSS score of 9.8, enabling attackers to execute arbitrary PHP code without authentication.
VulnCheck researchers documented active exploitation attempts. The vulnerability stems from insufficient input validation in the CMS, allowing remote attackers to inject malicious code directly into the application. Since MetInfo is open-source and widely deployed across small and mid-sized organizations, the attack surface spans thousands of potentially vulnerable instances.
The unauthenticated nature of this flaw presents severe risk. Attackers need no valid credentials to trigger the vulnerability. They can gain full remote code execution on affected servers, leading to data theft, malware installation, website defacement, or lateral movement into internal networks.
Organizations running MetInfo CMS should immediately audit their deployments and verify which versions are in use. The vendor has not yet released patched versions, though rapid patch development is expected given the CVSS 9.8 rating and active exploitation. Until patches arrive, administrators should consider taking affected instances offline or deploying web application firewalls configured to block malicious payloads targeting this specific injection vector.
The open-source nature of MetInfo means attackers can study the source code to craft reliable exploits. This accelerates weaponization and increases the likelihood of widespread abuse before patches deploy. Organizations without immediate patch access should implement strict network segmentation, monitor web server logs for suspicious PHP injection attempts, and restrict direct internet access to MetInfo instances where possible.
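As an added, defender-side illustration of the log-monitoring advice above (this is not code from the article or from the MetInfo project): a small Python scanner that URL-decodes request URIs from combined-format access logs and flags PHP code injection indicators, including double-encoded ones. The sample log lines, the `/index.php` path and the `INJECT_PARAM` name are constructed placeholders; the article does not disclose the actual vulnerable endpoint or parameter.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Markers of PHP source being smuggled into a request parameter.
INDICATORS = {
    "php_open_tag": re.compile(r"<\?php|<\?=", re.I),
    "code_exec_func": re.compile(r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I),
    "encoded_payload": re.compile(r"\bbase64_decode\s*\(", re.I),
}

# Constructed sample lines. INJECT_PARAM is a placeholder: the article does not name the
# vulnerable parameter, so do not treat these requests as the real MetInfo attack vector.
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [10/Mar/2026:10:01:02 +0000] "GET /index.php?lang=cn HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2026:10:01:05 +0000] "GET /index.php?INJECT_PARAM=%3C%3Fphp%20echo%201%3B%20%3F%3E HTTP/1.1" 200 310 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2026:10:02:11 +0000] "POST /index.php HTTP/1.1" 200 200 "-" "curl/8.4.0"',
    '203.0.113.9 - - [10/Mar/2026:10:02:40 +0000] "GET /index.php?INJECT_PARAM=eval%28base64_decode%28%27aGk%3D%27%29%29 HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '192.0.2.55 - - [10/Mar/2026:10:03:01 +0000] "GET /index.php?INJECT_PARAM=%253C%253Fphp%2520phpinfo%2528%2529%253B HTTP/1.1" 200 44 "-" "-"',
])

def decode_uri(uri, rounds=2):
    """URL-decode repeatedly so double-encoded payloads are inspected in the clear."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def scan_log(text):
    """One finding per request whose decoded URI carries a PHP injection indicator.
    Only the query string is visible here; POST bodies need WAF or application logging."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        uri = decode_uri(m.group("uri"))
        hits = [name for name, rx in INDICATORS.items() if rx.search(uri)]
        if hits:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "ua": m.group("ua"),
                             "status": int(m.group("status")), "indicators": hits, "uri": uri})
    return findings
```

Feed real logs through `scan_log` and pivot on `ip` and `ua` to spot the mass-scanning clients the article describes; a hit with status 200 deserves a host-level check for dropped files.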
Small businesses often assume their CMS deployments attract minimal attention. This assumption proves costly. Attackers routinely mass-scan for vulnerable open-source applications and exploit them indiscriminately. Early patching or
