Code Injection Vulnerability in Mesalvo Meona Client and Server Components
CVE-2026-22314

9CRITICAL

Key Information:

Vendor: Mesalvo
Status: Meona Client Launcher Component; Meona Server Component
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-22314?

A code injection vulnerability in the Mesalvo Meona Client Launcher and Server Components allows attackers to execute arbitrary code on the systems of other users. This security flaw can be exploited by crafting malicious input, leading to unauthorized access and control over the affected systems. It is crucial for users and organizations utilizing these components to apply necessary security measures and updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Meona Client Launcher Component 0 <= 19.06.2020 15:11:49

Meona Server Component 0 <= 2025.04 5+323020

References

https://seccore.at/blog/cves-meona/

third-party-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22314 Data

JSON