Luanti
by Luanti Org
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41196 | Cri | 0.58 | 10.0 | 0.00 | Apr 23, 2026 | Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device.… | ||
| CVE-2026-40959 | Cri | 0.53 | 9.3 | 0.00 | Apr 16, 2026 | Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. | ||
| CVE-2026-40960 | Hig | 0.46 | 8.1 | 0.00 | Apr 16, 2026 | Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it. |
- risk 0.58cvss 10.0epss 0.00
Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device.…
- risk 0.53cvss 9.3epss 0.00
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
- risk 0.46cvss 8.1epss 0.00
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.