FKIE_CVE-2026-42041

Vulnerability from fkie_nvd - Published: 2026-04-24 18:16 - Updated: 2026-06-30 03:19
Severity
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be treated as successful responses. This completely bypasses application-level authentication and error handling. The root cause is that validateStatus is the only config property using the mergeDirectKeys merge strategy, which uses JavaScript's in operator — an operator that inherently traverses the prototype chain. When Object.prototype.validateStatus is polluted with () => true, all HTTP status codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1.
References
security-advisories@github.comhttps://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63Exploit, Mitigation, Vendor Advisory
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:14937
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:16476
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:16532
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:16534
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:16535
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:16542
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:16874
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:17468
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:17474
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:17657
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:17699
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:19109
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:19375
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:20889
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:20938
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:21017
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:21338
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:21772
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22465
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22619
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22629
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22840
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:23361
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:24536
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:24539
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:24853
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:24977
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:25041
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:25089
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:25271
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:25273
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:26214
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:26225
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:26232
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:26234
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/security/cve/CVE-2026-42041
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://bugzilla.redhat.com/show_bug.cgi?id=2461629
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63Exploit, Mitigation, Vendor Advisory
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42041.json
Impacted products
Vendor Product Version
axios axios *
axios axios *
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.15.1"
            },
            {
              "status": "affected",
              "version": "\u003c 0.31.1"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    },
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
          ],
          "defaultStatus": "affected",
          "product": "HawtIO HawtIO 4.4.0",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:network_observ_optr:1.11::el9"
          ],
          "defaultStatus": "affected",
          "product": "Network Observability (NETOBSERV) 1.11.2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:acm:2.15::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:acm:2.16::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Data Grid 8.6.1",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhdh:1.8::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Developer Hub 1.8",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhdh:1.9::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Developer Hub 1.9",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhmt:1.8::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Migration Toolkit 1.8",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift_ai:2.25::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift AI 2.25",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift:4.20::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Container Platform 4.20",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift:4.21::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Container Platform 4.21",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3.28::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Dev Spaces 3.28",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_mesh:2.6::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Service Mesh 2.6",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_mesh:3.0::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Service Mesh 3.0",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_mesh:3.1::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Service Mesh 3.1",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_mesh:3.2::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Service Mesh 3.2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_mesh:3.3::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Service Mesh 3.3",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.12::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.12",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.14::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.14",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.15::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.15",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.16::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.16",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.17::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.17",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.10::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.1",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.9::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.9",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:satellite:6.18::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Satellite 6.18",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:multicluster_engine:2.10::el9"
          ],
          "defaultStatus": "affected",
          "product": "multicluster engine for Kubernetes 2.10",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:multicluster_engine:2.11::el9"
          ],
          "defaultStatus": "affected",
          "product": "multicluster engine for Kubernetes 2.11",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:multicluster_engine:2.6::el9"
          ],
          "defaultStatus": "affected",
          "product": "multicluster engine for Kubernetes 2.6",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:multicluster_engine:2.8::el9"
          ],
          "defaultStatus": "affected",
          "product": "multicluster engine for Kubernetes 2.8",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:multicluster_engine:2.9::el9"
          ],
          "defaultStatus": "affected",
          "product": "multicluster engine for Kubernetes 2.9",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_applications:8"
          ],
          "defaultStatus": "affected",
          "product": "Migration Toolkit for Applications 8",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:red_hat_3scale_amp:2"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat 3scale API Management Platform 2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_registry:2"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat build of Apicurio Registry 2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:apicurio_registry:3"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat build of Apicurio Registry 3",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:podman_desktop:0"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Build of Podman Desktop - Tech Preview",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:ansible_portal:2"
          ],
          "defaultStatus": "affected",
          "product": "Self-service automation portal 2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:cryostat:4"
          ],
          "defaultStatus": "unaffected",
          "product": "Cryostat 4",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:gatekeeper:3"
          ],
          "defaultStatus": "unaffected",
          "product": "Gatekeeper 3",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "unaffected",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:trusted_profile_analyzer:2"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Trusted Profile Analyzer",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:amq_streams:2"
          ],
          "defaultStatus": "unaffected",
          "product": "streams for Apache Kafka 2",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:amq_streams:3"
          ],
          "defaultStatus": "unaffected",
          "product": "streams for Apache Kafka 3",
          "vendor": "Red Hat"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "7D2B28C9-026E-4CD6-BD17-7EDD42108106",
              "versionEndExcluding": "0.31.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "3EC1EF30-EBB8-410B-90FB-1F18A3545C2E",
              "versionEndExcluding": "1.15.1",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be treated as successful responses. This completely bypasses application-level authentication and error handling. The root cause is that validateStatus is the only config property using the mergeDirectKeys merge strategy, which uses JavaScript\u0027s in operator \u2014 an operator that inherently traverses the prototype chain. When Object.prototype.validateStatus is polluted with () =\u003e true, all HTTP status codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1."
    }
  ],
  "id": "CVE-2026-42041",
  "lastModified": "2026-06-30T03:19:32.853",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-42041",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-04-24T18:29:47.107016Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-04-24T18:16:31.133",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:14937"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:16476"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:16532"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:16534"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:16535"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:16542"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:16874"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:17468"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:17474"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:17657"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:17699"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:19109"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:19375"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:20889"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:20938"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:21017"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:21338"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:21772"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22465"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22619"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22629"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22840"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:23361"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:24536"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:24539"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:24853"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:24977"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:25041"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:25089"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:25271"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:25273"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:26214"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:26225"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:26232"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:26234"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/security/cve/CVE-2026-42041"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42041.json"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-915"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.