MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Summary
Threat actors are actively exploiting a critical remote code execution vulnerability, CVE-2026-29014, in the open-source MetInfo CMS. This code injection flaw allows for arbitrary code execution and affects versions 7.9, 8.0, and 8.1.
IFF Assessment
The active exploitation of a critical vulnerability in a CMS poses a significant threat to organizations using the affected software, enabling attackers to execute arbitrary code.
Severity
The CVSS score of 9.8 indicates critical severity, stemming from the vulnerability's potential for unauthenticated remote code execution, which has a high impact on confidentiality, integrity, and availability.
Defender Context
Defenders should prioritize patching or mitigating MetInfo CMS instances immediately, as this critical vulnerability is already being actively exploited. Organizations should also review their web application firewall (WAF) rules and intrusion detection systems (IDS) for any indicators of compromise related to this exploit.