{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-40175","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-04-09T20:59:17.618Z","datePublished":"2026-04-10T19:23:52.285Z","dateUpdated":"2026-07-09T12:09:37.135Z"},"containers":{"cna":{"title":"Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain","problemTypes":[{"descriptions":[{"cweId":"CWE-113","lang":"en","description":"CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-444","lang":"en","description":"CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-918","lang":"en","description":"CWE-918: Server-Side Request Forgery (SSRF)","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx","tags":["x_refsource_CONFIRM"],"url":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"},{"name":"https://github.com/axios/axios/pull/10660","tags":["x_refsource_MISC"],"url":"https://github.com/axios/axios/pull/10660"},{"name":"https://github.com/axios/axios/pull/10688","tags":["x_refsource_MISC"],"url":"https://github.com/axios/axios/pull/10688"},{"name":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","tags":["x_refsource_MISC"],"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"},{"name":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1","tags":["x_refsource_MISC"],"url":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"},{"name":"https://github.com/axios/axios/releases/tag/v0.31.0","tags":["x_refsource_MISC"],"url":"https://github.com/axios/axios/releases/tag/v0.31.0"},{"name":"https://github.com/axios/axios/releases/tag/v1.15.0","tags":["x_refsource_MISC"],"url":"https://github.com/axios/axios/releases/tag/v1.15.0"}],"affected":[{"vendor":"axios","product":"axios","versions":[{"version":">= 1.0.0, < 1.15.0","status":"affected"},{"version":"< 0.31.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-05-20T00:26:34.868Z"},"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This vulnerability is fixed in 1.15.0 and 0.3.1."}],"source":{"advisory":"GHSA-fvcv-3m26-pcqx","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-04-13T09:32:22.149Z"},"references":[{"url":"https://github.com/axios/axios/pull/10660#issuecomment-4224168081"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-12T20:43:26.884164Z","id":"CVE-2026-40175","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-12T20:43:40.670Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:09:07.347Z"},"affected":[{"vendor":"Siemens","product":"gWAP","versions":[{"status":"affected","version":"0","lessThan":"V3.1.1","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-876049.html"}]},{"affected":[{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:network_observ_optr:1.11::el9"],"defaultStatus":"affected","product":"Network Observability (NETOBSERV) 1.11.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.14::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.15::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:discovery:2::el9"],"defaultStatus":"affected","product":"Red Hat Discovery 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhmt:1.8::el8"],"defaultStatus":"affected","product":"Red Hat Migration Toolkit 1.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.14::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.15::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.21::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.21","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces 3.27","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.18::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.18","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"defaultStatus":"affected","product":"Red Hat Trusted Artifact Signer 1.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:3.2::el9"],"defaultStatus":"affected","product":"Streams for Apache Kafka 3.2.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.10::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:migration_toolkit_applications:8"],"defaultStatus":"affected","product":"Migration Toolkit for Applications 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel - HawtIO 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_registry:2"],"defaultStatus":"affected","product":"Red Hat build of Apicurio Registry 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apicurio_registry:3"],"defaultStatus":"affected","product":"Red Hat build of Apicurio Registry 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:podman_desktop:0"],"defaultStatus":"affected","product":"Red Hat Build of Podman Desktop - Tech Preview","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1"],"defaultStatus":"affected","product":"Red Hat Developer Hub","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"affected","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_profile_analyzer:2"],"defaultStatus":"affected","product":"Red Hat Trusted Profile Analyzer","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el10","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"],"defaultStatus":"unaffected","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cryostat:4"],"defaultStatus":"unaffected","product":"Cryostat 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:gatekeeper:3"],"defaultStatus":"unaffected","product":"Gatekeeper 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:logging:5"],"defaultStatus":"unaffected","product":"Logging Subsystem for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3"],"defaultStatus":"unaffected","product":"OpenShift Service Mesh 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"],"defaultStatus":"unaffected","product":"Red Hat 3scale API Management Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"unaffected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:kueue_operator:1"],"defaultStatus":"unaffected","product":"Red Hat Build of Kueue","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"unaffected","product":"Red Hat Data Grid 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"unaffected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"],"defaultStatus":"unaffected","product":"Red Hat Process Automation 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3"],"defaultStatus":"unaffected","product":"Red Hat Quay 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_portal:2"],"defaultStatus":"unaffected","product":"Self-service automation portal 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:2"],"defaultStatus":"unaffected","product":"streams for Apache Kafka 2","vendor":"Red Hat"}],"datePublic":"2026-04-10T19:23:52.285Z","descriptions":[{"lang":"en","value":"A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific \"Gadget\" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-915","description":"Improperly Controlled Modification of Dynamically-Determined Object Attributes","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-40175"},{"name":"RHBZ#2457432","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457432"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40175.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24762"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36882"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:15091"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:14774"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10104"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8499"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8500"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8501"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10172"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10153"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:11414"}],"solutions":[{"lang":"en","value":"RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"},{"lang":"en","value":"RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"},{"lang":"en","value":"RHSA-2026:36882: Red Hat Advanced Cluster Management for Kubernetes 2.14"},{"lang":"en","value":"RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"},{"lang":"en","value":"RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"},{"lang":"en","value":"RHSA-2026:9742: Red Hat Developer Hub 1.8"},{"lang":"en","value":"RHSA-2026:13826: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:14937: Red Hat Discovery 2"},{"lang":"en","value":"RHSA-2026:25041: Red Hat Migration Toolkit 1.8"},{"lang":"en","value":"RHSA-2026:19712: Red Hat OpenShift AI 3.3"},{"lang":"en","value":"RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"},{"lang":"en","value":"RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"},{"lang":"en","value":"RHSA-2026:10104: Red Hat OpenShift Container Platform 4.16"},{"lang":"en","value":"RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"},{"lang":"en","value":"RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"},{"lang":"en","value":"RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"},{"lang":"en","value":"RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"},{"lang":"en","value":"RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"},{"lang":"en","value":"RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"},{"lang":"en","value":"RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"},{"lang":"en","value":"RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"},{"lang":"en","value":"RHSA-2026:8499: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:8500: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:8501: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"},{"lang":"en","value":"RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"},{"lang":"en","value":"RHSA-2026:13571: Streams for Apache Kafka 3.2.0"},{"lang":"en","value":"RHSA-2026:13542: multicluster engine for Kubernetes 2.10"},{"lang":"en","value":"RHSA-2026:17657: multicluster engine for Kubernetes 2.6"},{"lang":"en","value":"RHSA-2026:17699: multicluster engine for Kubernetes 2.8"},{"lang":"en","value":"RHSA-2026:11414: multicluster engine for Kubernetes 2.9"}],"timeline":[{"lang":"en","time":"2026-04-10T20:02:10.296Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-10T19:23:52.285Z","value":"Made public."}],"title":"axios: Axios: Remote Code Execution via Prototype Pollution escalation","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-09T12:09:37.135Z"}}]}}