LeakyCreds

CVE-2026-29075 - Vulnerability Analysis

High | CVSS: 8.3

Last Updated: March 9, 2026

Mesa - Remote Code Execution

Published: March 6, 2026 | Updated: March 9, 2026 | Remote Exploitable

Overview

Mesa <= 3.5.0 contains a remote code execution vulnerability caused by the benchmarks.yml workflow checking out untrusted code, which lets attackers execute code in a privileged runner. Exploitation requires that the workflow check out untrusted code.

Severity & Score

Severity: High
CVSS Score: 8.3
EPSS Score: 6.7% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code with privileged runner access, potentially compromising the entire system.

Mitigation

Update to a version after 3.5.0 with commit c35b8cd applied.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 7, 2026

🟠 CVE-2026-29075 - High (8.3) Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privil... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29075/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-29075
Severity: High
CVSS Score: 8.3
Type: command_injection
Status: unconfirmed
EPSS: 6.7%
Social Posts: 1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

EPSS Score

6.7% (Probability of exploitation in the next 30 days)