Security News

Cybersecurity news aggregator

INFO News SC Media

MetInfo CMS vulnerability exploited by threat actors


May 6, 2026
By SC Staff

Threat actors are actively exploiting a critical security flaw impacting the MetInfo open-source content management system, according to a recent report by The Hacker News. The vulnerability, identified as CVE-2026-29014 with a CVSS score of 9.8, is a PHP code injection flaw that allows unauthenticated remote attackers to execute arbitrary code. This is achieved by sending crafted requests with malicious PHP code to the affected script, specifically within the weixinreply.class.php file. Exploitation requires the /cache/weixin/ directory to exist, which is typically created when the WeChat plugin is installed.

Patches were released by MetInfo on April 7, 2026. However, exploitation began on April 25, initially targeting honeypots in the U.S. and Singapore. Activity surged on May 1, focusing on China and Hong Kong, with as many as 2,000 MetInfo CMS instances accessible online, predominantly in China.

Source: The Hacker News