CVE-2026-22314
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mesalvo | Meona Client Launcher Component | ≤ 19.06.2020 15:11:49 | affected |
| Mesalvo | Meona Server Component | ≤ 2025.04 5+323020 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-22314
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component都是Mesalvo公司的产品。Mesalvo Meona Client Launcher Component是一个面向医疗信息系统客户端启动与应用接入的组件。Mesalvo Meona Server Component是一个面向医院临床工作流与患者数据管理的服务端组件。 Mesalvo Meona Client Launcher Component 19.06.202
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mesalvo | Meona Client Launcher Component | 0 ~ 19.06.2020 15:11:49 | - | |
| Mesalvo | Meona Server Component | 0 ~ 2025.04 5+323020 | - |
II. Public POCs for CVE-2026-22314
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-22314
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-22314 (1)
Same Patch Batch · Mesalvo · 2026-05-20 · 5 CVEs total
| CVE-2026-0856 | 7.8 HIGH | Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 访问控制错误漏洞 |
| CVE-2026-22315 | 7.2 HIGH | Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 安全漏洞 |
| CVE-2026-0857 | 6.0 MEDIUM | Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 安全漏洞 |
| CVE-2026-25602 | 4.4 MEDIUM | Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 数据伪造问题漏洞 |
IV. Related Vulnerabilities
Same product: Meona Client Launcher Component
Same vendor: Mesalvo
Same weakness: CWE-94
- CVE-2026-42879
FacturaScripts: Authenticated Remote Code Execution (RCE) vi - CVE-2026-45719
Budibase: CouchDB Reduce Injection via Unsanitized Calculati - CVE-2026-6169
affiliate-toolkit <= 3.8.5 - Authenticated (Editor+) Remote - CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execut - CVE-2026-9568
ThingsBoard YAML provision getGatewayDockerComposeFile code
V. Comments for CVE-2026-22314
No comments yet