CVE-2026-25602
Deferred Deferred - Pending Action
Email Spoofing in Meona Client and Server Components

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: ENISA

Description
Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address.Β This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-25602
EUVD
EUVD-2026-31094
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mesalvo meona_client_launcher_component to 2020-06-19 (exc)
mesalvo meona_server_component to 2025-04 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Insufficient Verification of Data Authenticity issue found in the Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component. It allows an attacker to send messages to any email address by exploiting the lack of proper verification mechanisms in these components.

Impact Analysis

The vulnerability can impact you by allowing unauthorized sending of messages to any email address. This could lead to misuse of the messaging system, potential spam, phishing attacks, or other malicious communications originating from the affected components.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25602. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart