locutusjs CVE Debriefs

CRITICAL locutusjs CVE published 2026-02-04

CVE-2026-25521

CVE-2026-25521 is a critical vulnerability in Locutus, a JavaScript library that brings standard libraries of other programming languages to JavaScript for educational purposes. The vulnerability, with a CVSS score of 9.4, allows for prototype pollution via a crafted input using String.prototype. This issue exists in versions from 2.0.12 to before 2.0.39. Despite a previous fix attempting to mitigate prot [truncated]

locutusjs CVE debriefs

CVE-2026-25521