Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

CVE-2026-33057

Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard...

Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Summary An explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block wil...

PT-2026-26183

Name of the Vulnerable Software and Affected Versions Mesop versions 1.2.2 and below Description Mesop, a Python-based UI framework, contains a flaw where an explicit web endpoint within the ai/ testing module infrastructure directly accepts untrusted Python code strings without authentication...