CVE-2026-33057
Received Received - Intake
Unrestricted Remote Code Execution in Mesop ai/testing Module

Publication date: 2026-03-20

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block will gain explicit host-machine command rights. The AI codebase package includes a lightweight debugging Flask server inside ai/sandbox/wsgi_app.py. The /exec-py route accepts base_64 encoded raw string payloads inside the code parameter natively evaluated by a basic POST web request. It saves it rapidly to the operating system logic path and injects it recursively using execute_module(module_path...). This issue has been fixed in version 1.2.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33057
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mesop-dev mesop to 1.2.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-33057 is a critical vulnerability in the Mesop Python-based UI framework (versions 1.2.2 and below) that allows unauthenticated remote code execution. The issue exists in an explicit web endpoint `/exec-py` inside the AI testing module's Flask server, which accepts base64-encoded Python code via a POST request parameter named `code`. This code is decoded, saved to the host system, and executed without any authentication or input validation."}, {'type': 'paragraph', 'content': 'Any attacker capable of sending HTTP requests to this endpoint can execute arbitrary commands on the host machine with the privileges of the running service, leading to full system compromise.'}] [1]

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary code on the affected system without authentication or user interaction. As a result, attackers can gain full control over the host machine, compromising confidentiality, integrity, and availability.

  • Complete system takeover by executing arbitrary commands.
  • Potential data theft or destruction.
  • Disruption of service or system availability.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the vulnerable `/exec-py` endpoint in the Mesop application, specifically in versions 1.2.2 and below. Since the endpoint accepts base64-encoded Python code via a POST request parameter named `code`, you can attempt to send a test payload to see if the server executes it.'}, {'type': 'paragraph', 'content': 'A simple detection command using curl to test the vulnerability could be:'}, {'type': 'list_item', 'content': 'curl -X POST http://<target-server>/exec-py -d "code=$(echo -n \'import os; os.system(\\\'touch /tmp/pwned.txt\\\')\' | base64 -w0)"'}, {'type': 'paragraph', 'content': 'If the file `/tmp/pwned.txt` is created on the target system, it confirms the vulnerability is present and exploitable.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the Mesop package to version 1.2.3 or later, where this vulnerability has been fixed.

If upgrading is not immediately possible, you should disable or remove the vulnerable AI testing module and its Flask server, particularly the `/exec-py` endpoint, to prevent unauthenticated remote code execution.

According to the codebase changes, the entire AI package and its fine-tuning infrastructure were removed to address this issue, so removing these components is an effective mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33057. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart