{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40960/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-40960"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-40960","luanti","access-control"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eLuanti 5, a software package (details not provided in source), prior to version 5.15.2, suffers from an improper access control vulnerability (CVE-2026-40960). This flaw can be exploited when at least one mod is configured as either \u003ccode\u003esecure.trusted_mods\u003c/code\u003e or \u003ccode\u003esecure.http_mods\u003c/code\u003e. Under these conditions, a specially crafted malicious mod can intercept requests intended for the insecure environment or HTTP API, effectively bypassing intended security controls. The vulnerability allows the malicious mod to gain unauthorized access to sensitive resources, potentially leading to data breaches or system compromise. Organizations using affected versions of Luanti 5 are urged to upgrade to version 5.15.2 or implement mitigating controls to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Luanti 5 instance running a version prior to 5.15.2 with at least one mod configured as \u003ccode\u003esecure.trusted_mods\u003c/code\u003e or \u003ccode\u003esecure.http_mods\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious mod designed to intercept HTTP requests.\u003c/li\u003e\n\u003cli\u003eThe attacker deploys the crafted mod to the Luanti 5 environment.\u003c/li\u003e\n\u003cli\u003eThe malicious mod intercepts requests directed towards the insecure environment or HTTP API.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the malicious mod gains unauthorized access to the targeted environment or API.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the gained access to perform unauthorized actions, such as reading sensitive data or manipulating system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data or establishes persistent access for future malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40960 can lead to complete compromise of the insecure environment or HTTP API within Luanti 5. This could result in unauthorized access to sensitive data, modification of system configurations, or complete system takeover. The severity of the impact depends on the specific functionality and data exposed by the insecure environment, but could include data breaches, financial loss, or reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Luanti 5 to version 5.15.2 or later to patch CVE-2026-40960.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, review the configuration of \u003ccode\u003esecure.trusted_mods\u003c/code\u003e and \u003ccode\u003esecure.http_mods\u003c/code\u003e and remove any untrusted or unnecessary mods.\u003c/li\u003e\n\u003cli\u003eMonitor Luanti 5 webserver logs for suspicious HTTP requests originating from unusual or newly deployed mods using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement strict access control policies for deploying and managing Luanti 5 mods to prevent unauthorized installation of malicious modules.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-16T01:16:11Z","date_published":"2026-04-16T01:16:11Z","id":"/briefs/2026-04-luanti-access/","summary":"Luanti 5 before 5.15.2 allows unintended access to an insecure environment if a crafted mod intercepts requests when secure mods are enabled, potentially leading to unauthorized access and control.","title":"Luanti 5 Improper Access Control Vulnerability (CVE-2026-40960)","url":"https://feed.craftedsignal.io/briefs/2026-04-luanti-access/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-40960","version":"https://jsonfeed.org/version/1.1"}