Mesop-Dev Mesop vulnerabilities
5 known vulnerabilities affecting mesop-dev/mesop.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3
Vulnerabilities
CVE-2026-33057 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | PoC | fixed in 1.2.3 | 2026-03-20
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capab
Sources: GHSA, NVD, OSV
CVE-2026-33054 | P3 | CRITICAL | CVSS 9.8 | CWE-22 | fixed in 1.2.3 | 2026-03-20
Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_token through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application
Sources: GHSA, NVD, OSV
CVE-2025-30358 | P3 | HIGH | CVSS 8.1 | CWE-915 | fixed in 0.14.1 | 2025-03-27
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Add
Sources: GHSA, NVD, OSV
CVE-2026-34824 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≥ 1.2.3, < 1.2.5 | 2026-04-03
Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unb
Sources: GHSA, NVD, OSV
CVE-2024-45601 | P3 | HIGH | CWE-20 | ≥ 0.9.0, < 0.12.4 | 2024-09-18
Mesop has a local file inclusion via static file serving functionality
A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served.
Use
Sources: GHSA, OSV