CVE-2026-40960 HIGH

CVE-2026-40960

Vendor Luanti
Product Luanti
Weakness CWE-670
Published April 16, 2026
Last update April 16, 2026

CVSS base score

8.1/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.

Key dates

02Disclosure timeline

April 16, 2026 CVE published
April 16, 2026 Record updated