CVE-2026-25602
Email Spoofing in Meona Client and Server Components
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: ENISA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mesalvo | meona_client_launcher_component | to 2020-06-19 (exc) |
| mesalvo | meona_server_component | to 2025-04 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insufficient Verification of Data Authenticity issue found in the Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component. It allows an attacker to send messages to any email address by exploiting the lack of proper verification mechanisms in these components.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized sending of messages to any email address. This could lead to misuse of the messaging system, potential spam, phishing attacks, or other malicious communications originating from the affected components.