Incorrect Privilege Assignment in Mesalvo Meona Client and Server Components
CVE-2026-22315

7.2HIGH

Key Information:

Vendor: Mesalvo
Status: Meona Client Launcher Component; Meona Server Component
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-22315?

The Mesalvo Meona Client Launcher and Server Components have a critical flaw related to incorrect privilege assignment. This vulnerability allows unauthorized access, leading to the potential export of sensitive user data, including cleartext passwords, through the SQL editor. Versions of the Meona Client Launcher up to 19.06.2020 15:11:49 and the Meona Server Component up to 2025.04 5+323020 are affected, highlighting the risks associated with inadequate privilege controls in these applications.

Affected Version(s)

Meona Client Launcher Component 0 <= 19.06.2020 15:11:49

Meona Server Component 0 <= 2025.04 5+323020

References

https://seccore.at/blog/cves-meona/

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22315 Data

JSON