LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-40959

CVE-2026-40959 - Vulnerability Analysis

CriticalCVSS: 9.3

Last Updated: April 17, 2026

Luanti - Sandbox Escape

Published: April 16, 2026Updated: April 17, 2026

Overview

Luanti 5 < 5.15.2 contains a sandbox escape caused by crafted mod exploiting LuaJIT, letting attackers escape Lua sandbox, exploit requires use of LuaJIT.

Severity & Score

Severity: Critical
CVSS Score: 9.3
EPSS Score: 0.4%(Probability of exploitation in next 30 days)

Impact

Attackers can escape the Lua sandbox, potentially executing arbitrary code or commands.

Mitigation

Update to version 5.15.2 or later.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 16, 2026

šŸ”“ CVE-2026-40959 - Critical (9.3) Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40959/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-40959
Severity
Critical
CVSS Score
9.3
Type
undefined
Status
unconfirmed
EPSS
0.4%
Social Posts
1

CWE

  • CWE-829

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.4%Probability of exploitation in the next 30 days