Home / Vulnerability Intelligence / CVE-2026-33054

CVE-2026-33054 - Vulnerability Analysis

CriticalCVSS: 10.0

Last Updated: March 20, 2026

Mesop - Path Traversal

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Mesop <= 1.2.2 contains a path traversal caused by untrusted state_token in UI stream payload, letting attackers manipulate arbitrary files or cause denial of service, exploit requires use of FileStateSessionBackend.

Severity & Score

Severity: Critical

CVSS Score: 10.0

EPSS Score: 1.6%(Probability of exploitation in next 30 days)

Impact

Attackers can manipulate files or cause application denial of service, potentially disrupting service availability.

Mitigation

Upgrade to version 1.2.3.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 20, 2026

🔴 CVE-2026-33054 - Critical (10) Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_token through the UI stream payload to arbitrarily ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33054/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-33054
Severity: Critical
CVSS Score: 10.0
Type: path_traversal
Status: unconfirmed
EPSS: 1.6%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

1.6%Probability of exploitation in the next 30 days