High severity8.8NVD Advisory· Published Jun 29, 2024· Updated Apr 15, 2026

CVE-2024-39840

Description

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

memorycorruption.net/posts/rce-lua-factorio/nvd
news.ycombinator.com/itemnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000