Is mesop affected by CVE-2026-34824?

PyPI mesop is affected in >=1.2.3 <1.2.5.

Is CVE-2026-34824 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

high

CVE-2026-34824

Q: Is CVE-2026-34824 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

PyPI · mesop

Summary

Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service

Severity: high
EPSS: 0.7% (p49)
Also known as: GHSA-3jr7-6hqp-x679
Published: 2026-04-03

References

https://github.com/mesop-dev/mesop/security/advisories/GHSA-3jr7-6hqp-x679
https://nvd.nist.gov/vuln/detail/CVE-2026-34824
https://github.com/mesop-dev/mesop/commit/760a2079b5c609038c826d24dfbcf9b0be98d987

Related advisories

CVE-2026-33057 — critical · PyPI/mesop
CVE-2026-33054 — critical · PyPI/mesop
CVE-2025-30358 — high · PyPI/mesop

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.