Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-29091

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an insecure implementation of the call_user_func_array function (and its wrapper call_user_func), which fails to properly validate all components of a callback array before passing them to eval(). This issue has been patched in version 3.0.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.6%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-29091
  • Locutus » Locutus » Version: N/A
    cpe:2.3:a:locutus:locutus:-
  • Locutus » Locutus » Version: 1.3.2
    cpe:2.3:a:locutus:locutus:1.3.2
  • Locutus » Locutus » Version: 2.0.0
    cpe:2.3:a:locutus:locutus:2.0.0
  • Locutus » Locutus » Version: 2.0.1
    cpe:2.3:a:locutus:locutus:2.0.1
  • Locutus » Locutus » Version: 2.0.10
    cpe:2.3:a:locutus:locutus:2.0.10
  • Locutus » Locutus » Version: 2.0.11
    cpe:2.3:a:locutus:locutus:2.0.11
  • Locutus » Locutus » Version: 2.0.12
    cpe:2.3:a:locutus:locutus:2.0.12
  • Locutus » Locutus » Version: 2.0.13
    cpe:2.3:a:locutus:locutus:2.0.13
  • Locutus » Locutus » Version: 2.0.14
    cpe:2.3:a:locutus:locutus:2.0.14
  • Locutus » Locutus » Version: 2.0.15
    cpe:2.3:a:locutus:locutus:2.0.15
  • Locutus » Locutus » Version: 2.0.16
    cpe:2.3:a:locutus:locutus:2.0.16
  • Locutus » Locutus » Version: 2.0.17
    cpe:2.3:a:locutus:locutus:2.0.17
  • Locutus » Locutus » Version: 2.0.19
    cpe:2.3:a:locutus:locutus:2.0.19
  • Locutus » Locutus » Version: 2.0.2
    cpe:2.3:a:locutus:locutus:2.0.2
  • Locutus » Locutus » Version: 2.0.20
    cpe:2.3:a:locutus:locutus:2.0.20
  • Locutus » Locutus » Version: 2.0.21
    cpe:2.3:a:locutus:locutus:2.0.21
  • Locutus » Locutus » Version: 2.0.22
    cpe:2.3:a:locutus:locutus:2.0.22
  • Locutus » Locutus » Version: 2.0.23
    cpe:2.3:a:locutus:locutus:2.0.23
  • Locutus » Locutus » Version: 2.0.24
    cpe:2.3:a:locutus:locutus:2.0.24
  • Locutus » Locutus » Version: 2.0.25
    cpe:2.3:a:locutus:locutus:2.0.25
  • Locutus » Locutus » Version: 2.0.26
    cpe:2.3:a:locutus:locutus:2.0.26
  • Locutus » Locutus » Version: 2.0.27
    cpe:2.3:a:locutus:locutus:2.0.27
  • Locutus » Locutus » Version: 2.0.28
    cpe:2.3:a:locutus:locutus:2.0.28
  • Locutus » Locutus » Version: 2.0.29
    cpe:2.3:a:locutus:locutus:2.0.29
  • Locutus » Locutus » Version: 2.0.3
    cpe:2.3:a:locutus:locutus:2.0.3
  • Locutus » Locutus » Version: 2.0.30
    cpe:2.3:a:locutus:locutus:2.0.30
  • Locutus » Locutus » Version: 2.0.31
    cpe:2.3:a:locutus:locutus:2.0.31
  • Locutus » Locutus » Version: 2.0.32
    cpe:2.3:a:locutus:locutus:2.0.32
  • Locutus » Locutus » Version: 2.0.33
    cpe:2.3:a:locutus:locutus:2.0.33
  • Locutus » Locutus » Version: 2.0.34
    cpe:2.3:a:locutus:locutus:2.0.34
  • Locutus » Locutus » Version: 2.0.35
    cpe:2.3:a:locutus:locutus:2.0.35
  • Locutus » Locutus » Version: 2.0.36
    cpe:2.3:a:locutus:locutus:2.0.36
  • Locutus » Locutus » Version: 2.0.37
    cpe:2.3:a:locutus:locutus:2.0.37
  • Locutus » Locutus » Version: 2.0.38
    cpe:2.3:a:locutus:locutus:2.0.38
  • Locutus » Locutus » Version: 2.0.39
    cpe:2.3:a:locutus:locutus:2.0.39
  • Locutus » Locutus » Version: 2.0.4
    cpe:2.3:a:locutus:locutus:2.0.4
  • Locutus » Locutus » Version: 2.0.5
    cpe:2.3:a:locutus:locutus:2.0.5
  • Locutus » Locutus » Version: 2.0.6
    cpe:2.3:a:locutus:locutus:2.0.6
  • Locutus » Locutus » Version: 2.0.7
    cpe:2.3:a:locutus:locutus:2.0.7
  • Locutus » Locutus » Version: 2.0.8
    cpe:2.3:a:locutus:locutus:2.0.8
  • Locutus » Locutus » Version: 2.0.9
    cpe:2.3:a:locutus:locutus:2.0.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved