Improper Access Control Vulnerability in Mesalvo Meona Components
CVE-2026-0856

7.8HIGH

Key Information:

Vendor: Mesalvo
Status: Meona Client Launcher Component; Meona Server Component
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-0856?

The Meona Client Launcher and Server Components from Mesalvo are affected by an Improper Access Control vulnerability. This flaw allows a standard user to gain unauthorized access to the admin panel, potentially compromising the integrity and security of the system. Users are advised to assess their installations and take appropriate actions to secure their components.

Affected Version(s)

Meona Client Launcher Component 0 <= 19.06.2020 15:11:49

Meona Server Component 0 <= 2025.04 5+323020

References

https://seccore.at/blog/cves-meona/

third-party-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Jan 12, 2026

CVE-2026-0856 Data

JSON