Description
Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.

This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
Published: 2026-05-20
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows for cleartext storage of sensitive data in memory within the Mesalvo Meona Client Launcher and Server components. This flaw means that if an attacker can access the process memory—through local privilege escalation, debugging tools, or other memory‑reading techniques—they could retrieve secrets such as usernames, passwords, or cryptographic keys. This breach would compromise confidentiality and could lead to further exploitation of the system.

Affected Systems

The issue affects Mesalvo Meona Client Launcher Component versions up to 19.06.2020 15:11:49 and Mesalvo Meona Server Component versions through 2025.04 5+323020. Both components are part of Mesalvo’s Meona platform and are used for launching clients and managing server operations.

Risk and Exploitability

With a CVSS score of 6.0, the vulnerability is considered moderate severity. The EPSS score is not provided, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local or involve memory‑reading privileges, meaning an attacker with sufficient access to the affected process could exploit the flaw. Until a patch is applied, the risk remains moderate, and organizations should treat this as a potential data exfiltration threat.

Generated by OpenCVE AI on May 20, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Mesalvo Meona Client Launcher and Server components that contain the memory‑storage fix.
  • If an immediate update is not possible, limit process memory visibility by enforcing strict user and group permissions, disabling debugging hooks, and ensuring that only trusted users can access the application.
  • Audit recent deployments for any stored credentials in memory dumps or logs and remove or rotate any discovered secrets.

Generated by OpenCVE AI on May 20, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://seccore.at/blog/cves-meona/ cve-icon cve-icon
History

Wed, 20 May 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 11:15:00 +0000

Type Values Removed Values Added
Description Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
Weaknesses CWE-316
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ENISA

Published:

Updated: 2026-05-20T12:01:48.193Z

Reserved: 2026-01-12T06:14:14.665Z

Link: CVE-2026-0857

cve-icon Vulnrichment

Updated: 2026-05-20T12:01:43.981Z

cve-icon NVD

Status : Deferred

Published: 2026-05-20T11:16:25.923

Modified: 2026-05-20T14:03:10.193

Link: CVE-2026-0857

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T12:30:16Z

Weaknesses