9.8
Mesa: Untrusted code can run with elevated privileges in benchmarks
CVE-2026-29075
Summary
A bug affecting Mesa versions 3.5.0 and earlier allows untrusted code to run with elevated privileges. The exposure is in the project's benchmarks.yml workflow: when that workflow checks out untrusted code, the code may execute in a privileged runner. Update to the latest version of Mesa to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mesa_project | mesa | <= 3.5.0 | – |
Original title
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks...
Original description
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commit c35b8cd.
nvd CVSS3.1
8.3
Vulnerability type
CWE-94
Code Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026