CVE-2026-22208P2CRITICALCVSS 9.6fixed in 753cf294434e8d3961f20a567c4d99151e3b530d2026-02-17
CVE-2026-22208 [CRITICAL] CWE-749 CVE-2026-22208: OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues
nvd