CVE-2026-33057
Published: 20 March 2026
Description
Adversaries may abuse Python commands and scripts for execution.
Security Summary
CVE-2026-33057 is an unrestricted remote code execution vulnerability (CWE-94) in Mesop, a Python-based UI framework for building web applications. It affects versions 1.2.2 and below, specifically within the ai/ testing module infrastructure. The vulnerable component is a lightweight debugging Flask server in ai/sandbox/wsgi_app.py, which exposes an /exec-py web endpoint that directly ingests untrusted Python code strings via base64-encoded payloads in the 'code' parameter of POST requests, without any authentication. The server saves the code to the filesystem and executes it recursively using execute_module(module_path...), enabling full host compromise. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Attackers require only network access to the affected Mesop server instance running the debugging endpoint. Exploitation involves sending a simple POST request to /exec-py with a base64-encoded Python payload, which is unconditionally evaluated and executed on the host machine. Successful exploitation grants arbitrary command execution rights, allowing attackers to achieve complete control over the server, including data exfiltration, persistence, or further lateral movement.
The vulnerability has been addressed in Mesop version 1.2.3. Security practitioners should upgrade to this version or later. Additional details are available in the GitHub security advisory (https://github.com/mesop-dev/mesop/security/advisories/GHSA-gjgx-rvqr-6w6v) and the fixing commit (https://github.com/mesop-dev/mesop/commit/825f55970c20686de3f28e2c66df4d74e9d4db47).
This issue is noteworthy in AI/ML development contexts, as the vulnerable endpoint is part of Mesop's AI sandbox testing infrastructure.
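A triage check for the exposure described above, as an added example that is not part of the advisory or the Mesop project: it scans web access logs for requests to the /exec-py endpoint and groups them by source address. It assumes logs in Common/Combined Log Format from a server or proxy in front of the debugging app; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format (Common/Combined Log): ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/exec-py"  # debugging endpoint named in the advisory


def find_exec_py_hits(lines):
    """Return {source_ip: [(timestamp, method, status), ...]} for /exec-py requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        # Compare the path only: drop any query string and a trailing slash.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path == ENDPOINT:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


def posts_answered_2xx(hits):
    """Source IPs with a POST to /exec-py answered 2xx: review these hosts first.

    Treating 2xx as "request was handled" is an assumption of this example;
    the advisory text does not state what the endpoint returns.
    """
    return sorted(
        ip for ip, events in hits.items()
        if any(meth == "POST" and 200 <= status < 300 for _, meth, status in events)
    )


# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Mar/2026:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [21/Mar/2026:10:02:12 +0000] "POST /exec-py HTTP/1.1" 200 64 "-" "-"',
    '203.0.113.40 - - [21/Mar/2026:11:15:00 +0000] "GET /exec-py HTTP/1.1" 405 178 "-" "-"',
    '203.0.113.41 - - [21/Mar/2026:11:16:30 +0000] "POST /exec-py/ HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.9 - - [21/Mar/2026:12:00:00 +0000] "POST /api/exec-py-docs HTTP/1.1" 200 10 "-" "-"',
]

if __name__ == "__main__":
    found = find_exec_py_hits(SAMPLE_LOG)
    for ip, events in found.items():
        print(ip, events)
    print("POST answered 2xx from:", posts_answered_2xx(found))
```

Any hit on a host that should not be running the debugging server is worth following up, whatever the status code, since the endpoint requires no authentication.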
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: ai, ai, ai
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated RCE in a public-facing web endpoint of a Python framework's debugging server, directly enabling exploitation of public-facing applications (T1190) via execution of arbitrary Python code (T1059.006).