MetInfo CMS unauthenticated PHP code injection flaw actively exploited for remote code execution (CVE-2026-29014)
Vulnerability
Summary
CVE-2026-29014 in MetInfo CMS is actively exploited, putting versions 7.9, 8.0, and 8.1 at risk of remote code execution and full server takeover. MetInfo released patches on April 7, 2026, but exploitation was observed starting April 25 and then surged on May 1. Researchers saw a small number of exploits against honeypots in the U.S. and Singapore, then broader probing shifted toward China and Hong Kong IPs.
Related Happenings
openDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation Wave
First: 17.05.2026 14:57
Last: 17.05.2026 14:57
Sources 1
About this happening:
**openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
cPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)
Exploitation Wave
First: 04.05.2026 11:25
Last: 04.05.2026 11:25
Sources 1
About this happening:
Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
TrueChaos TrueConf CVE-2026-3502 campaign targeting Southeast Asian government entities
Campaign
First: 02.04.2026 00:35
Last: 02.04.2026 00:35
Sources 1
About this happening:
The **TrueChaos** campaign has been exploiting **CVE-2026-3502** in **TrueConf** zero-day attacks against **government entities in Southeast Asia**, turning compromised servers in...
Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave
Exploitation Wave
First: 26.03.2026 18:00
Last: 26.03.2026 18:00
Sources 1
About this happening:
**Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...
Timeline
- 05.05.2026 14:56 · 1 article
  MetInfo releases patches for CVE-2026-29014
  Mitigation Patch Update: MetInfo released patches for CVE-2026-29014 affecting MetInfo CMS versions 7.9, 8.0, and 8.1, closing an unauthenticated PHP code injection flaw that could allow remote attackers to execute arbitrary code on vulnerable servers.
  Sources:
  - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks — thehackernews.com — 05.05.2026 14:56
- 05.05.2026 14:56 · 1 article
  Early exploitation targets MetInfo honeypots in the U.S. and Singapore
  Exploitation Observed: CVE-2026-29014 entered active exploitation with a small number of exploit attempts against susceptible MetInfo honeypots in the U.S. and Singapore, indicating early probing against exposed systems.
  Sources:
  - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks — thehackernews.com — 05.05.2026 14:56
- 05.05.2026 14:56 · 1 article
  Exploitation activity surges toward China and Hong Kong IP addresses
  Campaign Scope Update: Exploitation activity against MetInfo CMS surged and shifted toward China and Hong Kong IP addresses, while as many as 2,000 MetInfo CMS instances remained accessible online, most of them in China.
  Sources:
  - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks — thehackernews.com — 05.05.2026 14:56
- 05.05.2026 14:56 · 2 articles
  VulnCheck discloses active exploitation of CVE-2026-29014
  Initial Disclosure: VulnCheck disclosed active exploitation of CVE-2026-29014 in MetInfo CMS, describing a critical 9.8 unauthenticated PHP code injection flaw that can lead to arbitrary code execution and full control of affected servers. NVD and security researcher Egidio Romano tied the issue to insufficient input neutralization in /app/system/weixin/include/class/weixinreply.class.php. On non-Windows servers, successful exploitation requires a pre-existing /cache/weixin/ directory created by the official WeChat plugin.
  Sources:
  - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks — thehackernews.com — 05.05.2026 14:56
  - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks — thehackernews.com — 05.05.2026 14:56