CVE-2026-40959

CRITICAL

Luanti 5 <5.15.2 - Sandbox Escape

Title source: llm

Description

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.

References (3)

Scores

CVSS v3 9.3
EPSS 0.0001
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-829
Status published
Products (1)
Luanti/Luanti 5.0.0 - 5.15.2
Published Apr 16, 2026
Tracked Since Apr 16, 2026