USN-8366-1
- Source
- https://ubuntu.com/security/notices/USN-8366-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8366-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8366-1
- Upstream
- Related
- Published
- 2026-06-02T12:48:54Z
- Modified
- 2026-06-02T18:33:04.021274908Z
- Summary
- luanti vulnerabilities
- Details
-
It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40959)
It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could possibly use this issue to obtain unintended access to the insecure environment or HTTP API. (CVE-2026-40960)
- References
Affected packages
Ubuntu:25.10 / luanti
Package
- Name
- luanti
- Purl
- pkg:deb/ubuntu/luanti?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.0+dfsg-5+deb13u1build0.25.10.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.25.10.1",
"binary_name": "luanti"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.25.10.1",
"binary_name": "luanti-data"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.25.10.1",
"binary_name": "luanti-server"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.25.10.1",
"binary_name": "minetest"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.25.10.1",
"binary_name": "minetest-data"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.25.10.1",
"binary_name": "minetest-server"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8366-1.json"
cves_map
{
"ecosystem": "Ubuntu:25.10",
"cves": [
{
"id": "CVE-2026-40959",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-40960",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:26.04:LTS / luanti
Package
- Name
- luanti
- Purl
- pkg:deb/ubuntu/luanti?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.0+dfsg-5+deb13u1build0.26.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.26.04.1",
"binary_name": "luanti"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.26.04.1",
"binary_name": "luanti-data"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.26.04.1",
"binary_name": "luanti-server"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.26.04.1",
"binary_name": "minetest"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.26.04.1",
"binary_name": "minetest-data"
},
{
"binary_version": "5.10.0+dfsg-5+deb13u1build0.26.04.1",
"binary_name": "minetest-server"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8366-1.json"
cves_map
{
"ecosystem": "Ubuntu:26.04:LTS",
"cves": [
{
"id": "CVE-2026-40959",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-40960",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}