Skip to main content

Mesalvo Meona CVE-2026-0857

| EUVDEUVD-2026-31091 MEDIUM
Cleartext Storage of Sensitive Information in Memory (CWE-316)
2026-05-20 ENISA GHSA-49qv-652v-577v
6.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 20, 2026 - 11:46 vuln.today

DescriptionCVE.org

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.

This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.

AnalysisAI

Cleartext storage of sensitive information in memory (CWE-316) affects both the Meona Client Launcher Component and the Meona Server Component from Mesalvo, exposing confidential data to local privileged attackers. The CVSS vector (AV:L/PR:H/S:C/C:H) indicates that a locally authenticated administrator can read sensitive material - likely credentials or session tokens - directly from process memory, with the changed scope suggesting this exposure can cascade to resources or components beyond the initially compromised process. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Technical ContextAI

CWE-316 describes a class of flaw where an application retains sensitive data - such as passwords, cryptographic keys, or authentication tokens - in process memory in plaintext form rather than applying secure memory handling (e.g., zeroing buffers post-use, using protected memory regions, or encrypting in-memory secrets). The affected products are identified by CPE strings cpe:2.3:a:mesalvo:meona_client_launcher_component and cpe:2.3:a:mesalvo:meona_server_component, covering a healthcare or clinical workflow platform (Meona) developed by Mesalvo. The local attack vector (AV:L) means exploitation requires the attacker to be executing code on the same host, while the changed scope (S:C) in the CVSS vector suggests that the sensitive material held in memory, once read, grants leverage over additional systems or components - consistent with credential exposure enabling lateral movement.

RemediationAI

The primary remediation is to upgrade both affected components beyond the confirmed vulnerable version boundaries - Meona Client Launcher Component beyond the 19.06.2020 15:11:49 build and Meona Server Component beyond 2025.04 5+323020 - once a vendor-released patched version is confirmed. Based on current data, a patch is available per the vendor advisory referenced at https://seccore.at/blog/cves-meona/, but an exact fixed version number was not independently confirmed in the available intelligence; organizations should contact Mesalvo directly to obtain the specific remediated release. As a compensating control where upgrading is not immediately feasible, restrict local administrative access to hosts running Meona components using role-based access controls and privileged access workstations - this directly addresses the PR:H precondition. Additionally, deploy memory-scanning or endpoint detection tooling capable of flagging unexpected process memory reads on sensitive services. Note that restricting admin access may impact legitimate operational workflows and should be coordinated with system owners.

Share

CVE-2026-0857 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy