MetInfo CMS Vulnerability CVE-2026-29014 Actively Exploited for RCE
A critical code injection vulnerability (CVE-2026-29014) in MetInfo CMS is being actively exploited, allowing for unauthenticated remote code execution.
Threat actors are actively exploiting a critical security flaw, CVE-2026-29014, in the MetInfo CMS, an open-source content management system. The vulnerability, which has a CVSS score of 9.8, is a code injection flaw that allows for unauthenticated remote code execution. Versions 7.9, 8.0, and 8.1 of MetInfo are reportedly affected by this critical vulnerability.
The exploitation of CVE-2026-29014 enables attackers to inject and execute arbitrary code on the affected servers. This could lead to a complete compromise of the website and its underlying infrastructure, potentially resulting in data theft, unauthorized modifications, or the deployment of further malicious activities.
Developers of MetInfo are urged to release patches and updates to address this critical vulnerability immediately. Users of MetInfo CMS are strongly advised to update their systems to the latest secure version as soon as possible to prevent exploitation. Security teams should also monitor their systems for any signs of compromise related to this vulnerability.