Description

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.

INFO

Published Date :

2026-04-16T00:54:45.935Z

Last Modified :

2026-04-16T12:31:57.082Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40960 vulnerability.

Vendors Products
Luanti
  • Luanti
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40960.

URL Resource
https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413 cve-icon cve-icon
https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c cve-icon cve-icon
https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact