PT-2026-23726 · Mesa · Mesa
Jackiekazil
·
Published
2026-03-06
·
Updated
2026-03-29
·
CVE-2026-29075
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mesa versions prior to 3.5.1
Description
Mesa is a Python library used for agent-based modeling and simulating complex systems. A flaw exists where checking out untrusted code within the benchmarks.yml workflow could allow for code execution with elevated privileges on the runner system. This issue was addressed with commit c35b8cd.
Recommendations
Update to Mesa version 3.5.1 or later.
Exploit
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mesa