Description

Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unbounded number of operating system threads. This leads to thread exhaustion and Out of Memory (OOM) errors, causing a complete Denial of Service (DoS) for any application built on the framework. This issue has been patched in version 1.2.5.

INFO

Published Date :

2026-04-03T22:41:34.828Z

Last Modified :

2026-04-06T15:42:06.793Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34824 vulnerability.

Vendors Products
Mesop-dev
  • Mesop
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34824.

URL Resource
https://github.com/mesop-dev/mesop/commit/760a2079b5c609038c826d24dfbcf9b0be98d987 cve-icon cve-icon
https://github.com/mesop-dev/mesop/releases/tag/v1.2.5 cve-icon cve-icon
https://github.com/mesop-dev/mesop/security/advisories/GHSA-3jr7-6hqp-x679 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact