Home / Vulnerability Intelligence / CVE-2026-33057

CVE-2026-33057 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 20, 2026

Mesop - Remote Code Execution

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Mesop <= 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 11.6%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary commands on the host, leading to full system compromise.

Mitigation

Upgrade to version 1.2.3 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 20, 2026

🔴 CVE-2026-33057 - Critical (9.8) Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally wit... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33057/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-33057
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: unconfirmed
EPSS: 11.6%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

11.6%Probability of exploitation in the next 30 days