Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 pypi packages depend on lupa (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.6.
DescriptionCVE.org
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution.
AnalysisAI
Arbitrary code execution in Lupa (Python-Lua integration library) versions ≤2.6 allows unauthenticated remote attackers to bypass attribute filtering controls via Python's getattr/setattr built-ins. The vulnerability enables attackers to circumvent sandbox restrictions designed to limit Lua runtime access to sensitive Python objects, ultimately achieving code execution in the CPython host process. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, though exploitation complexity is low per CVSS vector (AC:L, PR:N).
Technical ContextAI
Lupa (scoder/lupa, CPE 2.3:a:scoder:lupa) is a Python library that embeds Lua or LuaJIT2 runtimes into CPython, enabling bidirectional interaction between Python and Lua code. The library implements attribute_filter mechanisms to sandbox Lua code and prevent unauthorized access to Python object attributes. This vulnerability (CWE-284: Improper Access Control) stems from inconsistent enforcement of these filters when attributes are accessed indirectly through Python's built-in getattr() and setattr() functions rather than direct attribute access syntax. Attackers can leverage Lua code to invoke these built-ins with crafted attribute names, bypassing the filter logic that only protects direct attribute lookups. Since Lua code can call Python functions exposed by Lupa, this creates a path to access restricted Python internals, module imports, or subprocess execution capabilities that should be blocked by the sandbox.
RemediationAI
Upgrade Lupa to the patched version specified in the vendor security advisory at https://github.com/scoder/lupa/security/advisories/GHSA-69v7-xpr6-6gjm. The fix ensures attribute_filter enforcement applies consistently to all attribute access methods including getattr, setattr, delattr, and hasattr built-ins. Organizations unable to upgrade immediately should implement defense-in-depth controls including: disable or heavily restrict Lupa usage in untrusted contexts, run Python processes using Lupa under restricted system accounts with minimal privileges, implement application-layer input validation to reject Lua code containing getattr/setattr invocations, and deploy runtime application self-protection or syscall filtering to detect abnormal subprocess creation or network activity from Lupa-hosting processes. Review application logs for suspicious Lua script patterns attempting to access __builtins__, __import__, os, subprocess, or other sensitive Python modules through indirect attribute access.
Same weakness CWE-284 – Improper Access Control
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19346
GHSA-69v7-xpr6-6gjm