Home / mailings [USN-8366-1] Luanti vulnerabilities
Posted on 02 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8366-1
June 02, 2026
luanti vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
Summary:
Several security issues were fixed in Luanti.
Software Description:
- luanti: free and open-source voxel game engine
Details:
It was discovered that Luanti, when using LuaJIT, did not properly
enforce Lua sandbox restrictions. An attacker could possibly use
this issue to execute arbitrary code. (CVE-2026-40959)
It was discovered that Luanti did not properly restrict access to
insecure environments. An attacker could possibly use this issue to
obtain unintended access to the insecure environment or HTTP API.
(CVE-2026-40960)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
luanti 5.10.0+dfsg-5+deb13u1build0.26.04.1
luanti-data 5.10.0+dfsg-5+deb13u1build0.26.04.1
luanti-server 5.10.0+dfsg-5+deb13u1build0.26.04.1
Ubuntu 25.10
luanti 5.10.0+dfsg-5+deb13u1build0.25.10.1
luanti-data 5.10.0+dfsg-5+deb13u1build0.25.10.1
luanti-server 5.10.0+dfsg-5+deb13u1build0.25.10.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8366-1
CVE-2026-40959, CVE-2026-40960
Package Information:
https://launchpad.net/ubuntu/+source/luanti/5.10.0+dfsg-5+deb13u1build0.26.04.1
https://launchpad.net/ubuntu/+source/luanti/5.10.0+dfsg-5+deb13u1build0.25.10.1
--===============5778571086849218494==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
