CVE-2026-22315
Deferred Deferred - Pending Action
Privilege Escalation in Meona Client Launcher and Server Components

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: ENISA

Description
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export  of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-05-20
AI Q&A
2026-05-20
EPSS Evaluated
N/A
NVD
CVE-2026-22315
EUVD
EUVD-2026-31092
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mesalvo meona_client_launcher_component to 19.06.2020 (exc)
mesalvo meona_server_component to 2025.04 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Incorrect Privilege Assignment issue in the Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component. It allows the export of user data, including cleartext passwords, through the SQL editor.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized exposure of sensitive user data, including cleartext passwords. This can result in data breaches, loss of confidentiality, and potentially allow attackers to gain further access or control over affected systems.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

This vulnerability involves the export of user data, including cleartext passwords, due to incorrect privilege assignment in Mesalvo Meona components. Exposure of sensitive user data such as passwords can lead to violations of data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

Specifically, GDPR requires organizations to implement appropriate security measures to protect personal data and prevent unauthorized access or disclosure. Similarly, HIPAA mandates safeguards to ensure the confidentiality and integrity of protected health information. The vulnerability's potential to expose cleartext passwords and user data could result in non-compliance with these standards.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart