VYPR
Medium severity 6.0 · NVD Advisory · Published May 20, 2026 · Updated May 20, 2026

CVE-2026-0857

Description

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.

This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Sensitive patient credentials are stored in cleartext in memory in Meona Client Launcher and Server, enabling local privilege escalation.

Vulnerability

The vulnerability is a cleartext storage of sensitive information in memory within the Mesalvo Meona application. Both the Meona Client Launcher Component (through version 19.06.2020 15:11:49) and the Meona Server Component (through version 2025.04 5+323020) fail to encrypt or mask credentials while they reside in process memory. The issue was discovered during a red team engagement against the healthcare application, which manages patient data over HTTP between client and server [1].

Exploitation

An attacker with local access to the system where the Meona client or server process is running can read the process memory. This does not require special privileges beyond being able to execute a process memory dump or attach a debugger. The credentials remain in plaintext inside the memory space of the application, allowing an attacker to extract them directly without any authentication or user interaction beyond local access [1].

Impact

Successful exploitation leads to disclosure of sensitive credentials (such as user passwords) stored in memory. An attacker can then reuse these credentials to authenticate as the affected user, potentially gaining unauthorized access to the Meona application and its patient data. This disclosure compromises the confidentiality of stored credentials and can enable lateral movement within the healthcare environment [1].

Mitigation

A fix is not yet publicly available. The vendor Mesalvo has been contacted through the coordinated vulnerability disclosure process with the support of the Austrian CERT. Users should monitor for patched versions of the Meona Client Launcher and Server components. As a workaround, limit local access to systems running the application and apply the principle of least privilege to reduce the risk of memory scraping. The component versions affected are noted as end-of-life or unpatched as of the publication date [1].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
