What is CVE-2026-33057?

CVE-2026-33057 is a critical-severity vulnerability in Mesop-dev Mesop, classified under Code Injection. CVSS score: 9.8/10. Published 2026-03-20.

How severe is CVE-2026-33057?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Mesop-dev Mesop

CVE-2026-33057

Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings uncondition…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.129 (94.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mesop-dev Mesop — versions < 1.2.3

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/mesop-dev/mesop/security/advisories/GHSA-gjgx-rvqr-6w6v (x_refsource_CONFIRM)
https://github.com/mesop-dev/mesop/commit/825f55970c20686de3f28e2c66df4d74e9d4db47 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33057?: CVE-2026-33057 is a critical-severity vulnerability in Mesop-dev Mesop, classified under Code Injection. CVSS score: 9.8/10. Published 2026-03-20.
How severe is CVE-2026-33057?: Critical severity. CVSS v3 base score is 9.8 out of 10.