CVE-2026-34444

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 06, 2026

Vendor unknown

Description

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution.

References

https://github.com/scoder/lupa/security/advisories/GHSA-69v7-xpr6-6gjm