Primary

Context

Mesalvo Meona Code Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A code injection vulnerability has been identified in the Mesalvo Meona Client Launcher and Server components. This vulnerability allows for arbitrary code execution on the systems of other users. It affects the Meona Client Launcher through version 19.06.2020 15:11:49 and the Meona Server Component through version 2025.04 5+323020.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the client systems where Meona is running.

Reproduction

The vulnerability can be reproduced by adding scripts in various programming languages or by modifying XML-based configurations through administrative features of the Meona application. Once the code is injected via these methods, it is executed on the client systems running Meona.

Added: May 20, 2026, 11:19 AM

Updated: May 20, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

8.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

8.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mesalvo Meona Code Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Mesalvo Meona Client Launcher Component

Mesalvo Meona Server Component

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating