CVE-2026-33057: CWE-94: Improper Control of Generation of Code ('Code Injection') in mesop-dev mesop
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block will gain explicit host-machine command rights. The AI codebase package includes a lightweight debugging Flask server inside ai/sandbox/wsgi_app.py. The /exec-py route accepts base_64 encoded raw string payloads inside the code parameter natively evaluated by a basic POST web request. It saves it rapidly to the operating system logic path and injects it recursively using execute_module(module_path...). This issue has been fixed in version 1.2.3.
AI Analysis
Technical Summary
The vulnerability CVE-2026-33057 affects the mesop Python UI framework, specifically versions 1.2.2 and earlier. Mesop includes a lightweight Flask debugging server within its AI codebase, notably in ai/sandbox/wsgi_app.py, which exposes an endpoint /exec-py. This endpoint accepts POST requests containing a base64-encoded Python code string in the 'code' parameter. The server decodes and saves this code to the operating system path, then executes it recursively using the execute_module function. Critically, this endpoint lacks any authentication or input validation, allowing any remote attacker capable of sending HTTP requests to the server to execute arbitrary Python code on the host machine. This constitutes an unrestricted remote code execution (RCE) vulnerability classified under CWE-94 (Improper Control of Generation of Code). The vulnerability has a CVSS 3.1 score of 9.8, indicating critical severity due to its network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. The issue was publicly disclosed on March 20, 2026, and fixed in mesop version 1.2.3. No known exploits have been reported in the wild yet. The flaw stems from the design choice to include a debugging endpoint that executes arbitrary code without safeguards, posing a severe risk if exposed in production environments.
Potential Impact
This vulnerability allows attackers to gain full control over affected systems running vulnerable mesop versions by executing arbitrary Python code remotely without authentication. The impact includes complete compromise of confidentiality, integrity, and availability of the host system. Attackers can steal sensitive data, modify or delete files, install malware or backdoors, pivot within internal networks, and disrupt services. Given mesop's role as a UI framework for web applications, exploitation could lead to compromise of web-facing servers, potentially exposing customer data or internal resources. The ease of exploitation and lack of required privileges or user interaction make this a highly dangerous threat. Organizations using mesop in production environments are at significant risk of targeted attacks or automated exploitation once public details become widely known.
Mitigation Recommendations
The primary mitigation is to upgrade all mesop instances to version 1.2.3 or later, where this vulnerability is fixed. Until upgrades can be applied, organizations should immediately restrict network access to the affected /exec-py endpoint, ideally by firewall rules or network segmentation, to prevent unauthorized HTTP requests. Disabling or removing the ai/testing module and the embedded Flask debugging server in production environments is strongly recommended to reduce attack surface. Monitoring and logging HTTP requests to detect suspicious activity targeting this endpoint can provide early warning of exploitation attempts. Additionally, running mesop with the least privilege possible and employing runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions may help detect or block malicious code execution. Regular security audits and code reviews should be conducted to identify similar unsafe code execution patterns.
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, China, India, Canada, Australia
CVE-2026-33057: CWE-94: Improper Control of Generation of Code ('Code Injection') in mesop-dev mesop
Description
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block will gain explicit host-machine command rights. The AI codebase package includes a lightweight debugging Flask server inside ai/sandbox/wsgi_app.py. The /exec-py route accepts base_64 encoded raw string payloads inside the code parameter natively evaluated by a basic POST web request. It saves it rapidly to the operating system logic path and injects it recursively using execute_module(module_path...). This issue has been fixed in version 1.2.3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-33057 affects the mesop Python UI framework, specifically versions 1.2.2 and earlier. Mesop includes a lightweight Flask debugging server within its AI codebase, notably in ai/sandbox/wsgi_app.py, which exposes an endpoint /exec-py. This endpoint accepts POST requests containing a base64-encoded Python code string in the 'code' parameter. The server decodes and saves this code to the operating system path, then executes it recursively using the execute_module function. Critically, this endpoint lacks any authentication or input validation, allowing any remote attacker capable of sending HTTP requests to the server to execute arbitrary Python code on the host machine. This constitutes an unrestricted remote code execution (RCE) vulnerability classified under CWE-94 (Improper Control of Generation of Code). The vulnerability has a CVSS 3.1 score of 9.8, indicating critical severity due to its network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. The issue was publicly disclosed on March 20, 2026, and fixed in mesop version 1.2.3. No known exploits have been reported in the wild yet. The flaw stems from the design choice to include a debugging endpoint that executes arbitrary code without safeguards, posing a severe risk if exposed in production environments.
Potential Impact
This vulnerability allows attackers to gain full control over affected systems running vulnerable mesop versions by executing arbitrary Python code remotely without authentication. The impact includes complete compromise of confidentiality, integrity, and availability of the host system. Attackers can steal sensitive data, modify or delete files, install malware or backdoors, pivot within internal networks, and disrupt services. Given mesop's role as a UI framework for web applications, exploitation could lead to compromise of web-facing servers, potentially exposing customer data or internal resources. The ease of exploitation and lack of required privileges or user interaction make this a highly dangerous threat. Organizations using mesop in production environments are at significant risk of targeted attacks or automated exploitation once public details become widely known.
Mitigation Recommendations
The primary mitigation is to upgrade all mesop instances to version 1.2.3 or later, where this vulnerability is fixed. Until upgrades can be applied, organizations should immediately restrict network access to the affected /exec-py endpoint, ideally by firewall rules or network segmentation, to prevent unauthorized HTTP requests. Disabling or removing the ai/testing module and the embedded Flask debugging server in production environments is strongly recommended to reduce attack surface. Monitoring and logging HTTP requests to detect suspicious activity targeting this endpoint can provide early warning of exploitation attempts. Additionally, running mesop with the least privilege possible and employing runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions may help detect or block malicious code execution. Regular security audits and code reviews should be conducted to identify similar unsafe code execution patterns.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-17T18:10:50.213Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69bcf9b8e32a4fbe5f3bdae5
Added to database: 3/20/2026, 7:39:36 AM
Last enriched: 3/27/2026, 6:53:30 PM
Last updated: 5/1/2026, 7:10:37 PM
Views: 88
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.