{"data":{"id":"fc152021-e34c-4e8c-9d8a-b9d3237e3b9d","title":"GHSA-gjgx-rvqr-6w6v: Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py","summary":"Mesop contains a critical vulnerability in its testing module where a `/exec-py` route accepts Python code without any authentication checks and executes it directly on the server. This allows anyone who can send an HTTP request to the endpoint to run arbitrary commands on the machine hosting the application, a flaw known as unauthenticated remote code execution (RCE, where an attacker runs commands on a system they don't own).","solution":"Upgrade to mesop 1.2.3 or later, the fixed version listed for this advisory; the source discusses no other mitigation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-gjgx-rvqr-6w6v","publishedAt":"2026-03-18T20:05:00.000Z","cveId":"CVE-2026-33057","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["mesop@<= 1.2.2 (fixed: 1.2.3)"],"affectedVendors":["Google"],"affectedVendorsRaw":["Google","Mesop"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-18T20:05:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}