{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-42041","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-04-23T16:05:01.709Z","datePublished":"2026-04-24T17:55:30.036Z","dateUpdated":"2026-07-09T12:09:34.535Z"},"containers":{"cna":{"title":"Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy","problemTypes":[{"descriptions":[{"cweId":"CWE-287","lang":"en","description":"CWE-287: Improper Authentication","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-1321","lang":"en","description":"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63","tags":["x_refsource_CONFIRM"],"url":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"}],"affected":[{"vendor":"axios","product":"axios","versions":[{"version":">= 1.0.0, < 1.15.1","status":"affected"},{"version":"< 0.31.1","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-24T17:55:30.036Z"},"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be treated as successful responses. This completely bypasses application-level authentication and error handling. The root cause is that validateStatus is the only config property using the mergeDirectKeys merge strategy, which uses JavaScript's in operator — an operator that inherently traverses the prototype chain. When Object.prototype.validateStatus is polluted with () => true, all HTTP status codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1."}],"source":{"advisory":"GHSA-w9j2-pvgh-6h63","discovery":"UNKNOWN"}},"adp":[{"references":[{"url":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-24T18:29:47.107016Z","id":"CVE-2026-42041","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-24T18:32:58.115Z"}},{"affected":[{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4.4::el9"],"defaultStatus":"affected","product":"HawtIO HawtIO 4.4.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:network_observ_optr:1.11::el9"],"defaultStatus":"affected","product":"Network Observability (NETOBSERV) 1.11.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.14::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.15::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.16::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:advanced_cluster_security:4.10::el8"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Security for Kubernetes 4.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"affected","product":"Red Hat Data Grid 8.6.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:discovery:2::el9"],"defaultStatus":"affected","product":"Red Hat Discovery 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhmt:1.8::el8"],"defaultStatus":"affected","product":"Red Hat Migration Toolkit 1.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4.21::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4.21","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces 3.28","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Service Mesh 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.10::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.12::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.14::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.15::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.16::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.17::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.17","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.9::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.18::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.18","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.10::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.11","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"defaultStatus":"affected","product":"multicluster engine for Kubernetes 2.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:migration_toolkit_applications:8"],"defaultStatus":"affected","product":"Migration Toolkit for Applications 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"],"defaultStatus":"affected","product":"Red Hat 3scale API Management Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_registry:2"],"defaultStatus":"affected","product":"Red Hat build of Apicurio Registry 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apicurio_registry:3"],"defaultStatus":"affected","product":"Red Hat build of Apicurio Registry 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:podman_desktop:0"],"defaultStatus":"affected","product":"Red Hat Build of Podman Desktop - Tech Preview","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_portal:2"],"defaultStatus":"affected","product":"Self-service automation portal 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cryostat:4"],"defaultStatus":"unaffected","product":"Cryostat 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:gatekeeper:3"],"defaultStatus":"unaffected","product":"Gatekeeper 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3"],"defaultStatus":"unaffected","product":"OpenShift Service Mesh 3","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"unaffected","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"unaffected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"],"defaultStatus":"unaffected","product":"Red Hat Process Automation 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"unaffected","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_profile_analyzer:2"],"defaultStatus":"unaffected","product":"Red Hat Trusted Profile Analyzer","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:2"],"defaultStatus":"unaffected","product":"streams for Apache Kafka 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:3"],"defaultStatus":"unaffected","product":"streams for Apache Kafka 3","vendor":"Red Hat"}],"datePublic":"2026-04-24T17:55:30.036Z","descriptions":[{"lang":"en","value":"A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-915","description":"Improperly Controlled Modification of Dynamically-Determined Object Attributes","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-42041"},{"name":"RHBZ#2461629","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461629"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42041.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36882"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25273"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33574"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26234"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26214"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26232"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26225"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25271"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19109"}],"solutions":[{"lang":"en","value":"RHSA-2026:25089: HawtIO HawtIO 4.4.0"},{"lang":"en","value":"RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"},{"lang":"en","value":"RHSA-2026:36882: Red Hat Advanced Cluster Management for Kubernetes 2.14"},{"lang":"en","value":"RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15"},{"lang":"en","value":"RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"},{"lang":"en","value":"RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"},{"lang":"en","value":"RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"},{"lang":"en","value":"RHSA-2026:22619: Red Hat Data Grid 8.6.1"},{"lang":"en","value":"RHSA-2026:21338: Red Hat Developer Hub 1.8"},{"lang":"en","value":"RHSA-2026:33574: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:26234: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:14937: Red Hat Discovery 2"},{"lang":"en","value":"RHSA-2026:25041: Red Hat Migration Toolkit 1.8"},{"lang":"en","value":"RHSA-2026:24977: Red Hat OpenShift AI 2.25"},{"lang":"en","value":"RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"},{"lang":"en","value":"RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"},{"lang":"en","value":"RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"},{"lang":"en","value":"RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"},{"lang":"en","value":"RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0"},{"lang":"en","value":"RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"},{"lang":"en","value":"RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"},{"lang":"en","value":"RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"},{"lang":"en","value":"RHSA-2026:22840: Red Hat Quay 3.10"},{"lang":"en","value":"RHSA-2026:22629: Red Hat Quay 3.12"},{"lang":"en","value":"RHSA-2026:21017: Red Hat Quay 3.14"},{"lang":"en","value":"RHSA-2026:24853: Red Hat Quay 3.15"},{"lang":"en","value":"RHSA-2026:19375: Red Hat Quay 3.16"},{"lang":"en","value":"RHSA-2026:22465: Red Hat Quay 3.17"},{"lang":"en","value":"RHSA-2026:23361: Red Hat Quay 3.9"},{"lang":"en","value":"RHSA-2026:26214: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:26232: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:26225: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:24536: multicluster engine for Kubernetes 2.10"},{"lang":"en","value":"RHSA-2026:25271: multicluster engine for Kubernetes 2.11"},{"lang":"en","value":"RHSA-2026:17657: multicluster engine for Kubernetes 2.6"},{"lang":"en","value":"RHSA-2026:17699: multicluster engine for Kubernetes 2.8"},{"lang":"en","value":"RHSA-2026:19109: multicluster engine for Kubernetes 2.9"}],"timeline":[{"lang":"en","time":"2026-04-24T19:01:41.034Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-24T17:55:30.036Z","value":"Made public."}],"title":"axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-09T12:09:34.535Z"}}]}}