3 matches found
CVE-2026-33057
Mesop (Python-based UI framework) versions 1.2.2 and earlier are affected by an unauthenticated remote code execution via the test-suite route /exec-py. The vulnerability stems from an explicit web endpoint in the ai/ testing module that ingests untrusted Python code strings unconditionally and e...
CVE-2026-33054
CVE-2026-33054 affects the Mesop Python UI framework (versions ≤ 1.2.2) and enables a Path Traversal via the UI stream payload when FileStateSessionBackend is used. An untrusted state_token can target arbitrary files on disk, causing denial of service (crash loops) or unauthorized file writes/del...
CVE-2026-34824
CVE-2026-34824 targets the Mesop Python-based UI framework. A vulnerability in the WebSocket handler from version 1.2.3 up to, but not including, 1.2.5 allows an unauthenticated attacker to flood the server with rapid WebSocket messages, causing unbounded thread creation. This thread exhaustion l...