47 matches found
USN-8366-1: Luanti vulnerabilities
It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...
SUSE CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196
A flaw was found in Luanti formerly Minetest, an open-source game platform. A malicious mod, when executed within the LuaJIT environment, can bypass security restrictions designed to isolate it. This allows the mod to execute unauthorized code and gain full access to the user's device, potentiall...
CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
DEBIAN-CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
UBUNTU-CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196
Luanti (formerly Minetest) has a sandbox escape in LuaJIT affecting versions 5.0.0 through 5.15.1 (prior to 5.15.2). A malicious mod can escape the sandboxed Lua environment and run arbitrary code with full filesystem access on the user’s device, across server-side mods (including async and mapge...
CVE-2026-41196 Luanti has a mod security sandbox escape
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196 Luanti has a mod security sandbox escape
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
Luanti 代码注入漏洞
Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti from 5.0.0 to 5.15.2 had a code injection vulnerability. This vulnerability stemmed from the ability of malicious mods to escape the sandbox Lua environment, potentially...
Linux Distros Unpatched Vulnerability : CVE-2026-41196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially...
PT-2026-34594
Name of the Vulnerable Software and Affected Versions Luanti versions 5.0.0 through 5.15.1 Description A malicious mod can escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This issue affects server-side mods, async, mapgen, and...
Debian dsa-6217 : luanti - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6217 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6217-1 [email protected] https://www.debian.org/securit...
[SECURITY] [DSA 6217-1] luanti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6217-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2026 https://www.debian.org/security/faq -...
SUSE CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
SUSE CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40959
A flaw was found in Luanti, specifically when using LuaJIT. A local attacker can exploit this vulnerability by providing a crafted mod. This can lead to a Lua sandbox escape, allowing the attacker to bypass security restrictions and potentially gain confidentiality, integrity, and availability...
CVE-2026-40960
A flaw was found in Luanti. When at least one module mod is configured as trusted or secure, a specially crafted module can intercept requests to an insecure environment or the HTTP API. This allows the crafted module to gain unintended access to sensitive information and functionality within tha...