Summary

MetInfo CMS is actively exploited via CVE-2026-29014, a critical PHP code injection vulnerability that allows unauthenticated attackers to gain full remote control of servers. Exploitation surged in early May, primarily targeting deployments in Singapore and the United States through automated probing.

Take Action:

If you run MetInfo CMS, update it immediately and check your logs for unauthorized PHP execution. Internet-facing instances are being actively scanned and exploited by automated tools.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines