What is the CVSS score of CVE-2026-0856?

CVE-2026-0856 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Mesalvo Meona are affected by CVE-2026-0856?

Organizations deploying Mesalvo Meona (Client Launcher and Server) face a critical administrative access vulnerability: legitimate user accounts can exploit weak access controls to gain full system…

Mesalvo Meona CVE-2026-0856

EUVD-2026-31093 HIGH

Improper Access Control (CWE-284)

2026-05-20 ENISA

GHSA-q549-3jgw-crc8

Authentication Bypass

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 20, 2026 - 11:45 vuln.today

DescriptionNVD

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.

AnalysisAI

Privilege escalation in Mesalvo Meona Client Launcher and Server components allows a low-privileged authenticated user to gain access to the administrative panel due to improper access control enforcement. The flaw affects Meona Client Launcher Component through build 19.06.2020 15:11:49 and Meona Server Component through 2025.04 5+323020, and is tagged as an Authentication Bypass with no public exploit identified at time of analysis. …

RemediationAI

Within 24 hours: Inventory all Meona Client Launcher instances running build 19.06.2020 15:11:49 or earlier, and Meona Server components at version 2025.04 5+323020 or earlier; determine which systems contain sensitive data or critical functions. Within 7 days: Implement compensating controls (see below), restrict administrative panel access to only essential personnel, and disable remote access to affected components where operationally feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0856 vulnerability details – vuln.today

Back

Mesalvo Meona CVE-2026-0856

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code