CVE-2026-40960

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.1 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.

Vulnerability Details

Published Date

April 16, 2026

Last Modified

April 16, 2026

CWE ID

CWE-670

Source

NVD

Vendor

Luanti

Product

Luanti

External References

https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413
https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c
https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4

CVE-2026-40960

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment