Total.js RCE gadgets all around

April 10, 2026

Overview

It has been reported that security researcher Diyan Apostolov has found multiple remote code execution (RCE) paths in Total.js framework versions 4 and 5. Total.js prides itself on zero external dependencies — tidy for supply-chain hygiene — but that same self-contained design has allegedly harbored dangerous attack surface: code injection, prototype pollution and sandbox escapes that can be chained into RCE. If you like a good rabbit hole, the researcher says the U.set()/U.get() path was the one that really got them excited.

How the trick works

At the sharp end is the TextDB/NoSQL query builder: its .rule() API accepts raw JavaScript expressions as strings, and those strings are compiled with new Function(...) in an internal QueryBuilder.filter() sink. The framework tried a lazy blacklist that only looks for the literal “require” and “global” tokens — easy to sidestep. The result? An attacker able to feed unsanitized filter code can reach Node's process object or the Function constructor and execute arbitrary commands. Yes, it can return command output in responses; yes, it can be used to write files. Scary. Not surprising, but still ugly.
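As an added illustration (not Total.js code), here is the shape of the fix the paragraph points at: instead of compiling a rule string with new Function(...) and blacklisting tokens, accept a structured filter tree with a whitelist of operators and evaluate nothing as code. The operator names, record fields and sample data are constructed for this example.

```javascript
// Added example, not Total.js code: a structured filter evaluator that
// replaces raw JavaScript rule strings. The caller supplies a JSON tree of
// whitelisted operators; nothing is ever compiled or evaluated as code.
const COMPARATORS = new Map([            // Map, not plain object: a lookup of
  ['eq', (a, b) => a === b],             // 'constructor' or 'toString' must
  ['gt', (a, b) => typeof a === 'number' && typeof b === 'number' && a > b],
  ['lt', (a, b) => typeof a === 'number' && typeof b === 'number' && a < b],
  ['in', (a, b) => Array.isArray(b) && b.includes(a)],
]);                                      // miss instead of hitting a prototype

// Read only own data properties of the record, so a field name such as
// __proto__ or constructor cannot walk into the prototype chain.
function readField(record, name) {
  if (typeof name !== 'string') return undefined;
  return Object.prototype.hasOwnProperty.call(record, name) ? record[name] : undefined;
}

// Compile a filter tree into a predicate; anything unrecognised fails closed.
function makeFilter(node, depth = 0) {
  if (depth > 16 || node === null || typeof node !== 'object' || Array.isArray(node)) {
    throw new Error('invalid filter node');
  }
  if (Array.isArray(node.and)) {
    const parts = node.and.map((n) => makeFilter(n, depth + 1));
    return (rec) => parts.every((p) => p(rec));
  }
  if (Array.isArray(node.or)) {
    const parts = node.or.map((n) => makeFilter(n, depth + 1));
    return (rec) => parts.some((p) => p(rec));
  }
  if (node.not !== undefined) {
    const inner = makeFilter(node.not, depth + 1);
    return (rec) => !inner(rec);
  }
  const cmp = COMPARATORS.get(node.op);
  if (!cmp) throw new Error(`unsupported operator: ${String(node.op)}`);
  const { field, value } = node;
  if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
    throw new Error('comparison value must be a primitive or an array');
  }
  return (rec) => cmp(readField(rec, field), value);
}

// Constructed sample records standing in for a TextDB/NoSQL collection.
const RECORDS = [
  { name: 'alice', age: 34, role: 'admin' },
  { name: 'bob', age: 19, role: 'user' },
  { name: 'carol', age: 27, role: 'user' },
];
function runFilter(tree) {
  return RECORDS.filter(makeFilter(tree)).map((r) => r.name);
}
```

Because the tree is data rather than code, a rule arriving as a string (or naming an operator outside the whitelist) is rejected before it touches any record.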

Real-world impact

What does this mean for operators? Remote, unauthenticated attackers can potentially run any command the Total.js process user can, exfiltrate data, or drop a backdoor — all without pulling in a malicious npm package. It has been reported that the researcher demonstrated both non-blind and blind RCE variants and laid out bypasses for the weak blacklist. In short: apps using TextDB/NoSQL and exposing .rule()-style filters are at risk until patched or mitigated.

Response and takeaways

If you run Total.js, audit any feature that accepts executable strings from users, disable or sandbox TextDB/NoSQL filters, and treat any server-side evaluator as hostile by default. Patching is the obvious fix; input sanitization and removing dynamic evaluation are the real cure. This is also a reminder: fewer dependencies don’t automatically mean fewer problems. Who knew a self-contained framework could still trip over its own magic tricks?

Sources: criticalthinkingpodcast.github.io, Lobsters