Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-22314 -- CVSS 9.0 Vulnerability Briefing

CVE-2026-22314 | CVSS 9.0 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-22314 is a code injection vulnerability affecting the Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component, enabling arbitrary code execution on systems belonging to other users of the platform.

Technical Detail

The flaw stems from improper control of code generation within the Meona client and server components, a class of vulnerability where attacker-supplied input is processed in a way that allows it to be interpreted and executed as code. An attacker who can interact with the affected components, potentially through crafted input delivered via the client-server communication channel, may be able to trigger remote code execution on other users' systems without requiring those users to take any explicit action. The impact is full code execution in the context of the targeted user's session or system, which may facilitate lateral movement, data exfiltration, or persistent access depending on privilege levels involved.

Exploitation Status

No known exploit has been documented for this vulnerability at this time. The exploit maturity is currently unverified, meaning no public proof-of-concept, operational tooling, or commoditized exploit code has been confirmed. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of the date of this briefing. The CVSS score of 9.0 reflects the theoretical severity of successful exploitation, not confirmed in-the-wild activity.

Who Is Targeting This

Confirmed (ATTAX-verified): TA577 (origin unspecified, motivation unknown); Moonstone Sleet (DPRK, nation-state motivation); Lazarus Group (DPRK, nation-state motivation); APT29 (Russia, nation-state motivation). All four actors are attributed with high confidence. The presence of two DPRK-linked groups alongside a prominent Russian state actor and a financially motivated threat cluster suggests this vulnerability has drawn broad interest across distinct threat categories. No reported (research-inferred) actors are listed separately at this time.

What To Do

Given the critical CVSS score of 9.0 and confirmed interest from multiple high-capability nation-state and financially motivated threat actors, patching should be treated as a high priority. Organizations running Mesalvo Meona in any capacity, whether the client launcher or server component, should apply vendor-supplied patches immediately upon availability and verify that both components are updated, as the vulnerability spans both. If patching is not immediately possible, restrict network access to the Meona server component to trusted hosts only and audit client-server communication paths for anomalous or unexpected code execution patterns. Monitor endpoint telemetry for unusual process spawning originating from Meona client or server processes. Contact Mesalvo directly for patch availability timelines and interim guidance if official advisories have not yet been published.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →