
Mesalvo Meona CVE-2026-22314 | EUVD-2026-31090

Severity: CRITICAL (CVSS 3.1: 9.0)
Code Injection (CWE-94)
2026-05-20 ENISA GHSA-xcwx-69fp-83wm

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: May 20, 2026 - 11:45 (vuln.today)

Description (NVD)

Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.

Analysis (AI)

Code injection in Mesalvo Meona Client Launcher Component (through 19.06.2020 15:11:49) and Meona Server Component (through 2025.04 5+323020) allows an authenticated, low-privileged attacker to execute code on other users' systems via crafted input that crosses a scope boundary, with user interaction required on the victim side. CVSS 9.0 reflects the cross-user/cross-system impact (Scope:Changed) and full CIA compromise; no public exploit identified at time of analysis. …


Remediation (AI)

Within 24 hours: Enumerate all Mesalvo Meona deployments (Client Launcher through version 19.06.2020 15:11:49 and Meona Server Component through version 2025.04 5+323020); restrict application access to essential clinical staff only; alert users to reject unexpected file interactions or application prompts. Within 7 days: Contact Mesalvo for patch timeline confirmation; implement application whitelisting on Meona-connected systems; enable detailed logging of Meona process and child-process execution. …
