Locutus

2 CVEs product


CVE-2026-29091 HIGH PATCH This Week

Remote code execution in Locutus prior to version 3.0.0 allows unauthenticated remote attackers to execute arbitrary JavaScript code through improper validation in the call_user_func_array function, which unsafely passes user-controlled callback parameters to eval(). Applications using the vulnerable versions of this JavaScript standard library implementation are at risk of complete compromise through network-based attacks. No patch is currently available for affected deployments.

RCE Code Injection Locutus
NVD GitHub VulDB
CVSS 3.1: 8.1
EPSS: 0.3%
CVE-2026-25521 HIGH POC PATCH This Week

Locutus versions up to 2.0.39 are affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 8.8).

Code Injection Locutus Redhat
NVD GitHub
CVSS 3.1: 8.8
EPSS: 0.0%
