CVE-2026-40175
highCVSS v3 Base Score
9.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 80% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: April 10, 2026 (90 days ago)
Last Modified: April 10, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This vulnerability is fixed in 1.15.0 and 0.3.1.
CWE
CWE-915Affected Products
Cryostat 4Gatekeeper 3Logging Subsystem for Red Hat OpenShiftMigration Toolkit for Applications 8Migration Toolkit for ContainersOpenShift PipelinesOpenShift Service Mesh 3Red Hat 3scale API Management Platform 2Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4