Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T17:38:07 axios: Axios: Arbitrary HTTP header injection via prototype pollution 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CWE-915

A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Discovery 2 2026-05-07T00:00:00Z RHSA-2026:14937 discovery/discovery-ui-rhel9:1778156756 Cryostat 4 Affected axios Gatekeeper 3 Not affected gatekeeper/gatekeeper-rhel9 Migration Toolkit for Applications 8 Affected mta/mta-ui-rhel8 Migration Toolkit for Applications 8 Affected mta/mta-ui-rhel9 Migration Toolkit for Containers Affected rhmtc/openshift-migration-ui-rhel8 Multicluster Engine for Kubernetes Affected multicluster-engine/console-mce-rhel9 Network Observability Operator Affected network-observability/network-observability-console-plugin-compat-rhel9 Network Observability Operator Affected network-observability/network-observability-console-plugin-rhel9 OpenShift Pipelines Affected openshift-pipelines/pipelines-hub-ui-rhel8 OpenShift Pipelines Affected openshift-pipelines/pipelines-hub-ui-rhel9 OpenShift Service Mesh 2 Affected openshift-service-mesh/kiali-ossmc-rhel8 OpenShift Service Mesh 2 Affected openshift-service-mesh/kiali-rhel8 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-operator-bundle OpenShift Service Mesh 3 Affected openshift-service-mesh/kiali-ossmc-rhel9 OpenShift Service Mesh 3 Affected openshift-service-mesh/kiali-rhel9 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-rhel9-operator Red Hat 3scale API Management Platform 2 Affected 3scale-amp21/system Red Hat 3scale API Management Platform 2 Affected 3scale-amp22/system Red Hat 3scale API Management Platform 2 Affected 3scale-amp2/system-rhel7 Red Hat 3scale API Management Platform 2 Affected 3scale-amp2/system-rhel8 Red Hat 3scale API Management Platform 2 Affected 3scale-amp2/system-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Affected rhacm2/console-rhel9 Red Hat Advanced Cluster Security 4 Affected advanced-cluster-security/rhacs-main-rhel8 Red Hat Ansible Automation Platform 2 Affected ansible-automation-platform-26/gateway-rhel9 Red Hat Ansible Automation Platform 2 Affected ansible-automation-platform/automation-dashboard-rhel9 Red Hat Ansible Automation Platform 2 Affected automation-controller Red Hat Ansible Automation Platform 2 Affected automation-gateway Red Hat Ansible Automation Platform 2 Affected automation-hub Red Hat Ansible Automation Platform 2 Affected automation-platform-ui Red Hat Ansible Automation Platform 2 Not affected python3.11-galaxy-ng Red Hat Ansible Automation Platform 2 Affected python3.12-galaxy-ng Red Hat Ansible Automation Platform 2 Not affected python3x-galaxy-ng Red Hat Ansible Automation Platform 2 Not affected python-galaxy-ng Red Hat build of Apache Camel - HawtIO 4 Affected axios Red Hat build of Apicurio Registry 2 Affected axios Red Hat build of Apicurio Registry 3 Affected apicurio/apicurio-registry-ui-rhel8 Red Hat build of Apicurio Registry 3 Affected apicurio/apicurio-registry-ui-rhel9 Red Hat Build of Podman Desktop - Tech Preview Will not fix rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10 Red Hat Data Grid 8 Not affected axios Red Hat Developer Hub Will not fix rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor Red Hat Developer Hub Affected rhdh/rhdh-hub-rhel9 Red Hat Enterprise Linux 8 Affected grafana Red Hat Enterprise Linux 9 Affected grafana Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-rocm-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/disk-image-cuda-rhel9 Red Hat Fuse 7 Will not fix axios Red Hat Hardened Images Not affected boost Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-dashboard-rhel8 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-dashboard-rhel9 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-mod-arch-gen-ai-rhel9 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-mod-arch-maas-rhel9 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-mod-arch-model-registry-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift3/ose-console Red Hat OpenShift Container Platform 4 Affected openshift4/ose-agent-installer-ui-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift4/ose-console Red Hat OpenShift Container Platform 4 Affected openshift4/ose-console-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift4/ose-monitoring-plugin-rhel9 Red Hat OpenShift Dev Spaces Affected devspaces/code-rhel9 Red Hat OpenShift Dev Spaces Affected devspaces/dashboard-rhel9 Red Hat OpenShift Virtualization 4 Affected container-native-virtualization/kubevirt-console-plugin Red Hat OpenShift Virtualization 4 Affected container-native-virtualization/kubevirt-console-plugin-rhel9 Red Hat Process Automation 7 Not affected axios Red Hat Quay 3 Affected quay/quay-rhel8 Red Hat Quay 3 Affected quay/quay-rhel9 Red Hat Satellite 6 Affected satellite/iop-advisor-frontend-rhel9 Red Hat Satellite 6 Affected satellite/iop-host-inventory-frontend-rhel9 Red Hat Satellite 6 Affected satellite/iop-vulnerability-frontend-rhel9 Red Hat Trusted Artifact Signer Affected rhtas/rhtas-console-ui-rhel9 Red Hat Trusted Profile Analyzer Affected rhtpa/rhtpa-trustification-service-rhel9 Self-service automation portal 2 Affected ansible-automation-platform/automation-portal streams for Apache Kafka 2 Not affected axios streams for Apache Kafka 3 Not affected axios https://www.cve.org/CVERecord?id=CVE-2026-42035 https://nvd.nist.gov/vuln/detail/CVE-2026-42035 https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9