What is CVE-2026-29014?

CVE-2026-29014 is a critical-severity vulnerability in Metinfo Cms, classified under Code Injection. CVSS score: 9.8/10. Published 2026-04-01.

How severe is CVE-2026-29014?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Metinfo Cms

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficie…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.312 (96.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Metinfo Cms — versions 7.9.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

karmainsecurity.com/KIS-2026-06 (technical-description, exploit)
www.metinfo.cn/ (product)
www.vulncheck.com/advisories/metinfo-cms-unauthenticated-php-code-injection-rce (third-party-advisory)

Frequently asked questions

What is CVE-2026-29014?: CVE-2026-29014 is a critical-severity vulnerability in Metinfo Cms, classified under Code Injection. CVSS score: 9.8/10. Published 2026-04-01.
How severe is CVE-2026-29014?: Critical severity. CVSS v3 base score is 9.8 out of 10.