CVE-2026-22208

CRITICAL 9.6

OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

CVSS Score

9.6

EPSS Score

0.0%

EPSS Percentile

0th

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.

CWE	CWE-749 CWE-829
Vendor	opens100 project
Product	opens100
Published	Feb 17, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for opens100 project opens100

Be the first to know when new critical vulnerabilities affecting opens100 project opens100 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

OpenS100 Project / OpenS100

0 < 753cf294434e8d3961f20a567c4d99151e3b530d

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mdpi.com: https://www.mdpi.com/1424-8220/26/4/1246 github.com: https://github.com/S-100ExpertTeam/OpenS100/commit/753cf294434e8d3961f20a567c4d99151e3b530d vulncheck.com: https://www.vulncheck.com/advisories/opens100-portrayal-engine-unrestricted-lua-standard-library-access

Credits

Hoyeon Cho, National Korea Maritime and Ocean University