Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Luanti 5 before 5.15.2 Can Leak Sensitive Information
DEBIAN-CVE-2026-40960
Summary
If you're using Luanti 5 before version 5.15.2, a malicious module can potentially access sensitive areas of your system. This is because the software doesn't properly check the security settings for certain modules. To fix this, update to version 5.15.2 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:13 | debian | luanti | All versions |
| Debian:14 | debian | luanti | All versions |
Original title
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the ...
Original description
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.
- https://security-tracker.debian.org/tracker/CVE-2026-40960 Vendor Advisory
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026