Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
LuaJIT with Luaanti 5 can be hacked through a malicious module
DEBIAN-CVE-2026-40959
Summary
A security issue affects LuaJIT users who also use Luaanti 5. If a malicious module is created, it could potentially allow an attacker to bypass the sandbox and gain unauthorized access. If you use Luaanti 5 with LuaJIT, update to version 5.15.2 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:13 | debian | luanti | All versions |
| Debian:14 | debian | luanti | All versions |
Original title
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Original description
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
- https://security-tracker.debian.org/tracker/CVE-2026-40959 Vendor Advisory
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026