CVE-2026-40959 | Luanti up to 5.15.1 LuaJIT inclusion of functionality from untrusted control sphere (GHSA-g596-mf82-w8c3 / EUVD-2026-23149)

Inserito da Angelo Barbosa | Apr 16, 2026 | CVE

A vulnerability labeled as problematic has been found in Luanti up to 5.15.1. This impacts an unknown function of the component LuaJIT. Executing a manipulation can lead to inclusion of functionality from untrusted control sphere.

This vulnerability is registered as CVE-2026-40959. The attack needs to be launched locally. No exploit is available.

The affected component should be upgraded.

CVE-2026-40959 | Luanti up to 5.15.1 LuaJIT inclusion of functionality from untrusted control sphere (GHSA-g596-mf82-w8c3 / EUVD-2026-23149)

Post correlati

CVE-2025-53887 | Directus up to 11.8.x OpenAPI /server/specs/oas information disclosure (GHSA-rmjh-cf9q-pv7q)

CVE-2024-25817 | eza up to 0.18.1 Git buffer overflow (GHSA-3qx3-6hxr-j2ch)

CVE-2024-4786 | Lenovo Tab K10 certificate validation

CVE-2024-45127 | Adobe Commerce up to 2.4.7-p2/2.4.6-p7/2.4.5-p9/2.4.4-p10 cross site scripting (apsb24-73)