TopVuln

High-risk vulnerability digests

CVE-2026-33057

  • CRITICAL

Details

CVSS v3: 9.8
NVD published: 2026-03-20 08:16:11
Affected versions: Mesop 1.2.2 and below
Summary
This critical vulnerability allows unauthenticated attackers to execute arbitrary code on the host server running affected Mesop versions. The unprotected /exec-py debug endpoint accepts base64-encoded user input, which is directly evaluated as Python code without any authentication or sandboxing. Successful exploitation gives attackers full control over the affected host.
Remediation
Immediately upgrade Mesop to version 1.2.3 or newer, which removes the vulnerable unauthenticated debug endpoint. Block all external access to instances running affected versions until the patch is applied. Audit affected systems for signs of unauthorized access after patching.
Exploit info
No public exploit found yet.
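
For the audit step in the remediation above, the following added example (not part of the advisory and not Mesop code) scans web access logs for any request that reached the /exec-py path and groups the hits by client. It assumes Common/Combined Log Format from a reverse proxy; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

DEBUG_PATH = "/exec-py"  # endpoint named in the advisory

# Assumption: Common/Combined Log Format, as written by a typical reverse proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def normalise_path(target):
    """Reduce a request target to a comparable path (equivalent spellings collapse)."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    if "://" in path:  # absolute-form target: drop scheme and host
        path = "/" + path.split("://", 1)[1].partition("/")[2]
    path = re.sub(r"/{2,}", "/", unquote(path))
    return path.rstrip("/") or "/"

def audit(lines):
    """Return per-client stats for every logged request that targeted DEBUG_PATH."""
    hits = defaultdict(lambda: {"count": 0, "answered": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise_path(m["target"]) != DEBUG_PATH:
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        if m["status"].startswith("2"):  # the endpoint answered: escalate to IR
            h["answered"] += 1
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2026:10:00:01 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Mar/2026:10:02:13 +0000] "POST /exec-py HTTP/1.1" 200 17',
    '203.0.113.7 - - [21/Mar/2026:10:02:15 +0000] "POST /%65xec-py/ HTTP/1.1" 200 17',
    '198.51.100.4 - - [21/Mar/2026:11:30:00 +0000] "POST //exec-py?x=1 HTTP/1.1" 403 0',
    '192.0.2.10 - - [21/Mar/2026:11:31:00 +0000] "GET /exec-python-docs HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, stats in audit(SAMPLE_LOG).items():
        print(ip, stats)
```

A client with a non-zero `answered` count received a 2xx response from the endpoint, so the host should be handled as potentially compromised rather than merely probed.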
