Insufficient Verification of Data Authenticity in Mesalvo Meona Client and Server Components
CVE-2026-25602

4.4MEDIUM

Key Information:

Vendor: Mesalvo
Status: Meona Client Launcher Component; Meona Server Component
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-25602?

A vulnerability in the Mesalvo Meona Client Launcher and Server Components allows unauthorized message sending to any email address. This stems from inadequate verification of data authenticity, potentially enabling malicious actors to exploit the system. It's crucial for users of the affected components to assess their security posture and apply necessary mitigations.

Affected Version(s)

Meona Client Launcher Component 0 <= 19.06.2020 15:11:49

Meona Server Component 0 <= 2025.04 5+323020

References

https://seccore.at/blog/cves-meona/

third-party-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Feb 3, 2026

CVE-2026-25602 Data

JSON