CVE-2026-22315
Deferred Deferred - Pending Action
Privilege Escalation in Meona Client Launcher and Server Components

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: ENISA

Description
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export  of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-22315
EUVD
EUVD-2026-31092
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mesalvo meona_client_launcher_component to 19.06.2020 (exc)
mesalvo meona_server_component to 2025.04 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Incorrect Privilege Assignment issue in the Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component. It allows the export of user data, including cleartext passwords, through the SQL editor.

Impact Analysis

The vulnerability can lead to unauthorized exposure of sensitive user data, including cleartext passwords. This can result in data breaches, loss of confidentiality, and potentially allow attackers to gain further access or control over affected systems.

Compliance Impact

This vulnerability involves the export of user data, including cleartext passwords, due to incorrect privilege assignment in Mesalvo Meona components. Exposure of sensitive user data such as passwords can lead to violations of data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

Specifically, GDPR requires organizations to implement appropriate security measures to protect personal data and prevent unauthorized access or disclosure. Similarly, HIPAA mandates safeguards to ensure the confidentiality and integrity of protected health information. The vulnerability's potential to expose cleartext passwords and user data could result in non-compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22315. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart