Signal

Critical vulnerabilities exploited in MetInfo CMS and Cisco ISE management interface

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-05 11:56 UTCUpdated 2026-05-05 18:28 UTC

rss

vulnerabilitiesexploitssecurity_tooling

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Cisco Security Advisories · News · sec.cloudapps.cisco.com · 2026-05-05 18:28 UTC

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

thehackernews · News · thehackernews.com · 2026-05-05 11:56 UTC

limited source diversity in top sources

View all evidence

Overview

Two significant security issues have emerged: MetInfo CMS suffers from a critical unauthenticated code injection vulnerability (CVE-2026-29014) actively exploited for remote code execution, while Cisco Identity Services Engine (ISE) web interface has stored cross-site...

Entities

CiscoMetInfo CMSCisco Identity Services Engine

Score total

0.96

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Active exploitation of MetInfo CMS vulnerability demands immediate attention.
Cisco's recent advisory signals urgent need for updates to prevent XSS attacks.
Both vulnerabilities affect widely deployed systems, increasing potential impact.

Why it matters

MetInfo CMS vulnerability allows unauthenticated remote code execution, risking widespread compromise.
Cisco ISE XSS flaws enable attackers with admin credentials to execute malicious scripts, threatening network security.
Timely patching is critical as no workarounds exist for Cisco ISE vulnerabilities.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Cisco Identity Services Engine web interface has stored cross-site scripting vulnerabilities exploitable by authenticated attackers.
MetInfo CMS versions 7.9, 8.0, and 8.1 contain a critical unauthenticated code injection vulnerability (CVE-2026-29014) actively exploited for remote code execution.

How sources frame it

Cisco Security Advisories: neutral
The Hacker News: neutral

This briefing highlights urgent patching needs for critical vulnerabilities in Cisco ISE and MetInfo CMS actively exploited in the wild.

All evidence

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Cisco Security Advisories · sec.cloudapps.cisco.com · 2026-05-05 18:28 UTC

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

thehackernews · thehackernews.com · 2026-05-05 11:56 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

Cisco Security Advisories (1)
thehackernews (1)

Top origin domains (this list)

sec.cloudapps.cisco.com (1)
thehackernews.com (1)