Home / Vulnerability Intelligence / CVE-2026-40959

CVE-2026-40959 - Vulnerability Analysis

CriticalCVSS: 9.3

Last Updated: April 16, 2026

Luanti - Sandbox Escape

Published: April 16, 2026Updated: April 16, 2026

Overview

Luanti 5 < 5.15.2 contains a sandbox escape caused by crafted mod exploiting LuaJIT, letting attackers escape Lua sandbox, exploit requires use of LuaJIT.

Severity & Score

Severity: Critical

CVSS Score: 9.3

Impact

Attackers can escape the Lua sandbox, potentially executing arbitrary code or commands.

Mitigation

Update to version 5.15.2 or later.

References

https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8
https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896
https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-40959
Severity: Critical
CVSS Score: 9.3
Type: undefined
Status: new

CWE

CWE-829

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H