Mesalvo Meona Client Launcher <=19.06.2020 - Unprivileged Data Export via SQL
CVE-2026-22315 Published on May 20, 2026

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.

NVD

Vulnerability Analysis

CVE-2026-22315 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Versions

Mesalvo Meona Client Launcher Component:

Before and including 19.06.2020 15:11:49 is affected.

Mesalvo Meona Server Component:

Before and including 2025.04 5+323020 is affected.

Exploit Probability

EPSS

0.05%

Percentile

14.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Mesalvo Meona Client Launcher <=19.06.2020 - Unprivileged Data Export via SQLCVE-2026-22315 Published on May 20, 2026

Vulnerability Analysis

Weakness Type

Incorrect Privilege Assignment

Affected Versions

Exploit Probability

Mesalvo Meona Client Launcher <=19.06.2020 - Unprivileged Data Export via SQL
CVE-2026-22315 Published on May 20, 2026