The Mesop UI framework is vulnerable to a critical, unauthenticated remote code execution flaw that allows attackers to gain full host-machine command rights.

An explicit web endpoint (/exec-py) in the ai/ testing module infrastructure unconditionally ingests and executes base64-encoded Python code strings. This endpoint lacks authentication, allowing any individual who can route HTTP traffic to the server to execute arbitrary commands on the host machine.

This is a worst-case scenario vulnerability with a CVSS score of 9.8. An attacker can gain complete control over the server running the Mesop application, leading to total data compromise, installation of malware, or use of the host for lateral movement. The presence of a "debugging" endpoint in production environments poses an extreme risk.

Immediate Action: Update Mesop to version 1.2.3 immediately. If an update is not possible, disable or remove the ai/sandbox/wsgi_app.py module from the deployment.

Proactive Monitoring: Scan for the presence of the /exec-py route in your environment and monitor for any POST requests to this endpoint, which are likely malicious.

Compensating Controls: Use network-level filtering to block access to internal testing or debugging routes and ensure that development frameworks are not deployed with testing modules enabled in production.

Public Exploit Available: No

The severity of this RCE flaw cannot be overstated. IT teams must ensure that no Mesop applications are running version 1.2.2 or below in any accessible environment. Immediate patching to version 1.2.3 is mandatory to prevent total system compromise.