CriticalPublic exploit

Unauthenticated RCE in Mesop AI testing /exec-py endpoint

IdentifiersCVE-2026-33057CWE-94· Improper Control of Generation of…

CVE-2026-33057 is an unrestricted remote code execution vulnerability in Mesop, a Python-based UI framework for building web applications. It affects Mesop 1.2.2 and earlier. The flaw is in the AI testing/debug infrastructure, specifically a lightweight Flask server in ai/sandbox/wsgi_app.py that exposes the /exec-py route. That endpoint accepts base64-encoded Python source via the code POST parameter, writes the supplied content to disk, and executes it through execute_module(module_path...). Because the endpoint ingests and evaluates untrusted Python code without authentication or other access controls, any reachable attacker can cause arbitrary Python code to run on the host system.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation yields full remote code execution on the host running the vulnerable Mesop component. Given the supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the impact is high across confidentiality, integrity, and availability: an attacker can execute arbitrary commands, access or exfiltrate sensitive data available to the process, modify application or system state, deploy additional payloads, and disrupt service operation.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, prevent network access to the vulnerable Flask debugging/testing server and specifically block the /exec-py route. Disable or remove the AI testing/debug infrastructure from production deployments, restrict access to trusted administrators only, bind the service to localhost where feasible, and place it behind network ACLs, reverse-proxy allowlists, or firewall rules. Monitor for POST requests to /exec-py and for unexpected creation/execution of Python modules on the host.

Remediation

Patch, then assume compromise.

Upgrade Mesop to version 1.2.3 or later, which fixes the vulnerable behavior. If change control requires validation, review the vendor patch associated with commit 825f55970c20686de3f28e2c66df4d74e9d4db47 and the GitHub advisory GHSA-gjgx-rvqr-6w6v. Ensure any deployments do not expose the vulnerable AI testing/debug endpoint in production.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GoogleMesopapplication

Mesop-DevMesopapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app

nuclei templates pull requestsNews

Apr 26, 2026

Create CVE-2026-33057.yaml by sammiee5311 · Pull Request #16039 · projectdiscovery/nuclei-templates · GitHub

Unknown

cvefeed high severityNews

Mar 20, 2026

CVE-2026-33057 - Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

An unauthenticated remote code execution vulnerability in Mesop versions 1.2.2 and below, caused by a web endpoint in the ai/testing infrastructure that accepts and executes untrusted Python code.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity6

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-33057

NVD

nvd.nist.gov/vuln/detail/CVE-2026-33057

MITRE CWE · CWE-94

Improper Control of Generation of Code ('Code…

Patch

github.com/mesop-dev/mesop/commit/825f55970c20686de3f28e2c66df4d74e9d4db47

Vendor Advisory

github.com/mesop-dev/mesop/security/advisories/GHSA-gjgx-rvqr-6w6v