Is mesop affected by CVE-2026-33057?

PyPI mesop is affected in <1.2.3.

Is CVE-2026-33057 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 5.3%.

critical

CVE-2026-33057

Q: Is CVE-2026-33057 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 5.3%.

PyPI · mesop

Summary

Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Severity: critical
EPSS: 5.3% (p92)
Also known as: GHSA-gjgx-rvqr-6w6v
Published: 2026-03-18

References

https://github.com/mesop-dev/mesop/security/advisories/GHSA-gjgx-rvqr-6w6v
https://nvd.nist.gov/vuln/detail/CVE-2026-33057
https://github.com/mesop-dev/mesop/commit/825f55970c20686de3f28e2c66df4d74e9d4db47

Related advisories

CVE-2026-33054 — critical · PyPI/mesop
CVE-2026-34824 — high · PyPI/mesop
CVE-2025-30358 — high · PyPI/mesop

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.