Luanti (formerly Minetest) v5.15.2 brings critical security updates

By Liam Dawe - 15 Apr 2026 at 10:46 am UTC

Luanti (formerly Minetest) is the popular free and open source voxel game engine powering some really fun experiences and a critical update is out now.

It's not a game by itself, Luanti is more of a platform / game engine. You can play games like VoxeLibre, which is very similar to Minecraft. A good alternative to Minecraft if you're looking for something even more moddable and completely free.

If you or anyone you know regularly play, you'll want to ensure you grab the newly released version 5.15.2 as soon as possible. Two critical security issues were found and fixed with this release. These include:

HTTP API and insecure environment access control bypass

If at least one mod is listed as secure.trusted_mods / secure.http_mods, then a malicious mod can intercept the request for the insecure environment / HTTP API, and also receive access to it.

Mod security sandbox escape

A malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device.
This applies to the server-side mod, async and mapgen as well as the client-side (CSM) environments.

This vulnerability is only exploitable when using LuaJIT. You can use luanti --version to determine the type of Lua in use.

Source: Changelog

Article taken from GamingOnLinux.com.

Tags: Native Linux, Security, Casual, Free Game, Open Source, Open World, Sandbox | Apps: Luanti (formerly Minetest)

3 Likes

About the author - Liam Dawe

I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me

Some you may have missed, popular articles from the last month:

Raspberry Pi prices rise again, along with a new 3GB Raspberry Pi 4 announced

Framework becomes a KDE Patron helping to fund open source

Valve makes huge changes to the Steam Workshop - now more Mobile and Steam Deck friendly

Fans of Portal and first-person puzzlers will definitely want to check out He Who Watches

All posts need to follow our rules. Please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Readers can also email us for any issues or concerns.

2 comments

RubyRose136 56 minutes ago

Flag

Not specifically related to this article, but this may be a concern for you: Luanti is [now being coded with AI](https://github.com/luanti-org/luanti/commit/e6f0377ea2cb60c0c267b9ea570c1b4cc059d5b7) and its ContentDB [allows AI-generated content](https://content.luanti.org/policy_and_guidance/#43-ai-generated-content) as well.

1 Likes

scaine 46 minutes ago

Flag

Contributing Editor
Mega Supporter

View PC info

Quoting: RubyRose136Not specifically related to this article, but this may be a concern for you: Luanti is [now being coded with AI](https://github.com/luanti-org/luanti/commit/e6f0377ea2cb60c0c267b9ea570c1b4cc059d5b7) and its ContentDB [allows AI-generated content](https://content.luanti.org/policy_and_guidance/#43-ai-generated-content) as well.

As much as I despise genAI, this kind of commit is how it should be used - security checking existing, well-written code for best practise

And tools like this existed for years before the 2022 genAI "boom", it was simply that the masses couldn't afford them, because they were Enterprise-level CI/CD DevOps tools.

1 Likes

While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations:

PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!