CVE-2026-34444

Vulnerability Description

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution.

Vulnerability Details

Published Date

April 06, 2026

Last Modified

April 07, 2026

CWE ID

CWE-284

Source

NVD

Vendor

scoder

Product

lupa

External References

https://github.com/scoder/lupa/security/advisories/GHSA-69v7-xpr6-6gjm

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment