Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using String.prototype. This issue has been patched in version 2.0.39.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-25521
  • Locutus » Locutus » Version: 2.0.12
    cpe:2.3:a:locutus:locutus:2.0.12
  • Locutus » Locutus » Version: 2.0.13
    cpe:2.3:a:locutus:locutus:2.0.13
  • Locutus » Locutus » Version: 2.0.14
    cpe:2.3:a:locutus:locutus:2.0.14
  • Locutus » Locutus » Version: 2.0.15
    cpe:2.3:a:locutus:locutus:2.0.15
  • Locutus » Locutus » Version: 2.0.16
    cpe:2.3:a:locutus:locutus:2.0.16
  • Locutus » Locutus » Version: 2.0.17
    cpe:2.3:a:locutus:locutus:2.0.17
  • Locutus » Locutus » Version: 2.0.19
    cpe:2.3:a:locutus:locutus:2.0.19
  • Locutus » Locutus » Version: 2.0.20
    cpe:2.3:a:locutus:locutus:2.0.20
  • Locutus » Locutus » Version: 2.0.21
    cpe:2.3:a:locutus:locutus:2.0.21
  • Locutus » Locutus » Version: 2.0.22
    cpe:2.3:a:locutus:locutus:2.0.22
  • Locutus » Locutus » Version: 2.0.23
    cpe:2.3:a:locutus:locutus:2.0.23
  • Locutus » Locutus » Version: 2.0.24
    cpe:2.3:a:locutus:locutus:2.0.24
  • Locutus » Locutus » Version: 2.0.25
    cpe:2.3:a:locutus:locutus:2.0.25
  • Locutus » Locutus » Version: 2.0.26
    cpe:2.3:a:locutus:locutus:2.0.26
  • Locutus » Locutus » Version: 2.0.27
    cpe:2.3:a:locutus:locutus:2.0.27
  • Locutus » Locutus » Version: 2.0.28
    cpe:2.3:a:locutus:locutus:2.0.28
  • Locutus » Locutus » Version: 2.0.29
    cpe:2.3:a:locutus:locutus:2.0.29
  • Locutus » Locutus » Version: 2.0.30
    cpe:2.3:a:locutus:locutus:2.0.30
  • Locutus » Locutus » Version: 2.0.31
    cpe:2.3:a:locutus:locutus:2.0.31
  • Locutus » Locutus » Version: 2.0.32
    cpe:2.3:a:locutus:locutus:2.0.32
  • Locutus » Locutus » Version: 2.0.33
    cpe:2.3:a:locutus:locutus:2.0.33
  • Locutus » Locutus » Version: 2.0.34
    cpe:2.3:a:locutus:locutus:2.0.34
  • Locutus » Locutus » Version: 2.0.35
    cpe:2.3:a:locutus:locutus:2.0.35
  • Locutus » Locutus » Version: 2.0.36
    cpe:2.3:a:locutus:locutus:2.0.36
  • Locutus » Locutus » Version: 2.0.37
    cpe:2.3:a:locutus:locutus:2.0.37
  • Locutus » Locutus » Version: 2.0.38
    cpe:2.3:a:locutus:locutus:2.0.38


Contact Us

Shodan ® - All rights reserved