Wikimedia Scribunto and Luasandbox Vulnerability Allowing Unrestricted File Inclusion
Vulnerability
A vulnerability exists in the Wikimedia Foundation's Scribunto and Luasandbox components. It affects Scribunto versions prior to 1.39.16, 1.43.6, 1.44.3, and 1.45.1, and Luasandbox versions prior to fea2304f8f6ab30314369a612f4f5b165e68e95a. The flaw is unrestricted file inclusion in the Lua initialization file, which could potentially be exploited to include arbitrary files and execute malicious code.
Impact
Exploitation of this vulnerability could lead to arbitrary file inclusion, allowing attackers to include and execute files of their choice, potentially leading to further exploitation of the application or server.
