CVE-2026-0857
Cleartext Storage of Sensitive Information in Mesalvo Meona Components
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: ENISA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mesalvo | meona_client_launcher_component | to 19.06.2020_15:11:49 (inc) |
| mesalvo | meona_server_component | to 2025.04_5+323020 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-316 | The product stores sensitive information in cleartext in memory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the cleartext storage of sensitive information in memory within the Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component.
Storing sensitive data in cleartext in memory means that the information is not encrypted or protected, which could allow unauthorized users or processes with sufficient privileges to access this sensitive information.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information because it is stored in cleartext in memory.
An attacker or unauthorized user with local access and high privileges could potentially read this sensitive information, leading to confidentiality breaches.
According to the CVSS v3.1 score of 6.0 with vector AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N, the attack requires local access and high privileges but can result in a high impact on confidentiality.