CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

PT-2026-30661

Name of the Vulnerable Software and Affected Versions Lupa versions 2.6 and earlier Description Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In versions 2.6 and earlier, the attribute filter is not consistently applied when attributes are accessed through built-in functions like...

Lupa 安全漏洞

Lupa is a bridging library developed by Scoder’s individual developers, which embeds the Lua runtime into Python. Versions of Lupa 2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the property filter was not consistently applied in built-in...

Fedora 43 : libinput (2026-5aafda8cd8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5aafda8cd8 advisory. libinput 1.30.3, fixes Lua plugin sandbox escape CVE-2026-35093,CVE-2026-35094 Tenable has extracted the preceding description block directly from t...

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

SUSE CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

SUSE CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

EUVD-2026-18342

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

EUVD-2026-18340

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

CVE-2026-5339 Tenda G103 Setting gpon.lua action_set_net_settings command injection

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

CVE-2026-5339

CVE-2026-5339 affects Tenda G103 1.0.0.5. The vulnerability is in the Setting Handler’s gpon.lua, function action_set_net_settings, where manipulating authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority enables command injection remotely. Public exploit av...

CVE-2026-5339 Tenda G103 Setting gpon.lua action_set_net_settings command injection

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

Tenda G103 命令注入漏洞

The Tenda G103 is a GPON fiber access device designed specifically for home and SOHO users by the Chinese company Tenda. Version 1.0.0.5 of the Tenda G103 contains a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

Linux Distros Unpatched Vulnerability : CVE-2026-35093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypas...

PT-2026-29748

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action set net settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument...

Linux Distros Unpatched Vulnerability : CVE-2026-35094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. Th...