CVE-2026-29014 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 1, 2026
MetInfo CMS - Remote Code Execution
Overview
MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code remotely, exploit requires crafted requests.
Severity & Score
Impact
Remote attackers can execute arbitrary code, gaining full control over the affected server.
Mitigation
Update to the latest version beyond 8.1.
References
Social Media Activity(2 posts)
š“ CVE-2026-29014 - Critical (9.8) MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input... š https://www.thehackerwire.com/vulnerability/CVE-2026-29014/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-29014 - Critical (9.8) MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input... š https://www.thehackerwire.com/vulnerability/CVE-2026-29014/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-29014
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H