PT-2026-30661 · Lupa · Lupa
Redyank · Published 2026-04-06 · Updated 2026-05-12 · CVE-2026-34444
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Lupa versions 2.6 and earlier
Description
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In versions 2.6 and earlier, the attribute filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass intended restrictions and potentially achieve arbitrary code execution.
Recommendations
Update to a version of Lupa later than 2.6.
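To locate deployments in the affected range, a requirements file can be checked for Lupa pins at 2.6 or earlier. This is an added example, not code from the advisory or from the Lupa project; the sample file, the function names and the segment-wise version ordering (2.6.0 counts as 2.6, anything numerically greater counts as later) are assumptions.

```python
import re

LAST_AFFECTED = (2, 6)  # advisory: "Lupa versions 2.6 and earlier"
# A requirement line naming exactly "lupa" (not e.g. "lupa-stubs"), optional extras.
REQ = re.compile(r"^\s*lupa(?![\w.-])\s*(?:\[[^\]]*\])?\s*([^;#]*)", re.IGNORECASE)
# An exact pin made only of numeric release segments, e.g. "==2.6".
EXACT = re.compile(r"^===?\s*(\d+(?:\.\d+)*)$")

def release(version):
    """Numeric segments as a tuple, trailing zeros dropped so 2.6.0 == 2.6."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """True when the version is 2.6 or earlier (assumed segment-wise ordering)."""
    return release(version) <= LAST_AFFECTED

def scan(requirements_text):
    """Return (line_number, specifier, status) for each lupa requirement line."""
    findings = []
    for number, line in enumerate(requirements_text.splitlines(), 1):
        match = REQ.match(line)
        if not match:
            continue
        spec = match.group(1).strip()
        pin = EXACT.match(spec)
        if pin is None:
            status = "review"    # range, wildcard or no pin: version not fixed here
        elif is_affected(pin.group(1)):
            status = "affected"
        else:
            status = "ok"
        findings.append((number, spec or "(unpinned)", status))
    return findings

# Constructed sample; package names and versions are illustrative only.
SAMPLE = """\
# constructed requirements file
otherpkg==1.0
lupa==2.5
Lupa == 2.6   # last affected release per the advisory
lupa>=2.0
lupa-stubs==1.0
lupa==2.6.0
lupa==3.0
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `review` result means the file does not fix the version, so the resolved version in the lock file or the environment has to be checked instead.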
Fix
Protection Mechanism Failure
Improper Access Control
IDOR
Related Identifiers
Affected Products
Lupa