Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8a5f-cd5t-mucc
Vulnerability ID VCID-8a5f-cd5t-mucc
Aliases CVE-2026-42044
GHSA-3w6x-2g7m-8v23
Summary axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget
Status Published
Exploitability 0.5
Weighted Severity 6.7
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json
epss 0.00188 https://api.first.org/data/v1/epss?cve=CVE-2026-42044
epss 0.00188 https://api.first.org/data/v1/epss?cve=CVE-2026-42044
epss 0.00188 https://api.first.org/data/v1/epss?cve=CVE-2026-42044
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3w6x-2g7m-8v23
cvssv3.1 6.5 https://github.com/axios/axios
generic_textual MODERATE https://github.com/axios/axios
cvssv3.1 6.5 https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
cvssv3.1_qr MODERATE https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
generic_textual MODERATE https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
ssvc Track https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2026-42044
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-42044
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json
https://api.first.org/data/v1/epss?cve=CVE-2026-42044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044
https://github.com/axios/axios
https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
https://nvd.nist.gov/vuln/detail/CVE-2026-42044
1134878 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
2461624 https://bugzilla.redhat.com/show_bug.cgi?id=2461624
GHSA-3w6x-2g7m-8v23 https://github.com/advisories/GHSA-3w6x-2g7m-8v23
RHSA-2026:16532 https://access.redhat.com/errata/RHSA-2026:16532
RHSA-2026:16534 https://access.redhat.com/errata/RHSA-2026:16534
RHSA-2026:16535 https://access.redhat.com/errata/RHSA-2026:16535
RHSA-2026:16542 https://access.redhat.com/errata/RHSA-2026:16542
RHSA-2026:17657 https://access.redhat.com/errata/RHSA-2026:17657
RHSA-2026:17699 https://access.redhat.com/errata/RHSA-2026:17699
RHSA-2026:19109 https://access.redhat.com/errata/RHSA-2026:19109
RHSA-2026:19375 https://access.redhat.com/errata/RHSA-2026:19375
RHSA-2026:20338 https://access.redhat.com/errata/RHSA-2026:20338
RHSA-2026:20454 https://access.redhat.com/errata/RHSA-2026:20454
RHSA-2026:20889 https://access.redhat.com/errata/RHSA-2026:20889
RHSA-2026:20938 https://access.redhat.com/errata/RHSA-2026:20938
RHSA-2026:21017 https://access.redhat.com/errata/RHSA-2026:21017
RHSA-2026:21338 https://access.redhat.com/errata/RHSA-2026:21338
RHSA-2026:21772 https://access.redhat.com/errata/RHSA-2026:21772
RHSA-2026:22465 https://access.redhat.com/errata/RHSA-2026:22465
RHSA-2026:22629 https://access.redhat.com/errata/RHSA-2026:22629
RHSA-2026:22840 https://access.redhat.com/errata/RHSA-2026:22840
RHSA-2026:23361 https://access.redhat.com/errata/RHSA-2026:23361
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://github.com/axios/axios
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:11:49Z/ Found at https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-42044
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.40549
EPSS Score 0.00188
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:29:15.888456+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json 38.6.0