Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T17:58:16 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-93

A flaw was found in Axios, an HTTP client for Node.js. A remote attacker, by controlling the type property of a file-like object, could inject arbitrary MIME part headers into multipart form data. This vulnerability arises from insufficient sanitization of carriage return and line feed (CRLF) sequences in the Content-Type header. This could lead to information disclosure by allowing the attacker to manipulate the structure of the multipart body.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Cryostat 4 Fix deferred axios Gatekeeper 3 Fix deferred gatekeeper/gatekeeper-rhel9 Migration Toolkit for Applications 8 Fix deferred mta/mta-ui-rhel8 Migration Toolkit for Applications 8 Fix deferred mta/mta-ui-rhel9 Migration Toolkit for Containers Fix deferred rhmtc/openshift-migration-ui-rhel8 Multicluster Engine for Kubernetes Fix deferred multicluster-engine/console-mce-rhel9 Network Observability Operator Fix deferred network-observability/network-observability-console-plugin-compat-rhel9 Network Observability Operator Fix deferred network-observability/network-observability-console-plugin-rhel9 OpenShift Pipelines Fix deferred openshift-pipelines/pipelines-hub-ui-rhel8 OpenShift Pipelines Fix deferred openshift-pipelines/pipelines-hub-ui-rhel9 OpenShift Service Mesh 2 Fix deferred openshift-service-mesh/kiali-ossmc-rhel8 OpenShift Service Mesh 2 Fix deferred openshift-service-mesh/kiali-rhel8 OpenShift Service Mesh 3 Fix deferred openshift-service-mesh/kiali-operator-bundle OpenShift Service Mesh 3 Fix deferred openshift-service-mesh/kiali-ossmc-rhel9 OpenShift Service Mesh 3 Fix deferred openshift-service-mesh/kiali-rhel9 OpenShift Service Mesh 3 Fix deferred openshift-service-mesh/kiali-rhel9-operator Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp21/system Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp22/system Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/system-rhel7 Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/system-rhel8 Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/system-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/console-rhel9 Red Hat Advanced Cluster Security 4 Fix deferred advanced-cluster-security/rhacs-main-rhel8 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-26/gateway-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform/automation-dashboard-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred automation-controller Red Hat Ansible Automation Platform 2 Fix deferred automation-gateway Red Hat Ansible Automation Platform 2 Fix deferred automation-hub Red Hat Ansible Automation Platform 2 Fix deferred automation-platform-ui Red Hat Ansible Automation Platform 2 Fix deferred python3.11-galaxy-ng Red Hat Ansible Automation Platform 2 Fix deferred python3.12-galaxy-ng Red Hat Ansible Automation Platform 2 Fix deferred python3x-galaxy-ng Red Hat Ansible Automation Platform 2 Fix deferred python-galaxy-ng Red Hat build of Apache Camel - HawtIO 4 Fix deferred axios Red Hat build of Apicurio Registry 2 Fix deferred axios Red Hat build of Apicurio Registry 3 Fix deferred apicurio/apicurio-registry-ui-rhel8 Red Hat build of Apicurio Registry 3 Fix deferred apicurio/apicurio-registry-ui-rhel9 Red Hat Build of Podman Desktop - Tech Preview Fix deferred rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10 Red Hat Data Grid 8 Fix deferred axios Red Hat Developer Hub Fix deferred rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor Red Hat Developer Hub Fix deferred rhdh/rhdh-hub-rhel9 Red Hat Discovery 2 Fix deferred discovery/discovery-ui-rhel9 Red Hat Enterprise Linux 8 Fix deferred grafana Red Hat Enterprise Linux 9 Fix deferred grafana Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/bootc-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/bootc-rocm-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/disk-image-cuda-rhel9 Red Hat Fuse 7 Fix deferred axios Red Hat Hardened Images Not affected boost Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-dashboard-rhel8 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-dashboard-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-mod-arch-gen-ai-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-mod-arch-maas-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-mod-arch-model-registry-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift3/ose-console Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-agent-installer-ui-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-console Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-console-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-monitoring-plugin-rhel9 Red Hat OpenShift Dev Spaces Fix deferred devspaces/code-rhel9 Red Hat OpenShift Dev Spaces Fix deferred devspaces/dashboard-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/kubevirt-console-plugin Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/kubevirt-console-plugin-rhel9 Red Hat Process Automation 7 Fix deferred axios Red Hat Quay 3 Fix deferred quay/quay-rhel8 Red Hat Quay 3 Fix deferred quay/quay-rhel9 Red Hat Satellite 6 Fix deferred satellite/iop-advisor-frontend-rhel9 Red Hat Satellite 6 Fix deferred satellite/iop-host-inventory-frontend-rhel9 Red Hat Satellite 6 Fix deferred satellite/iop-vulnerability-frontend-rhel9 Red Hat Trusted Artifact Signer Fix deferred rhtas/rhtas-console-ui-rhel9 Red Hat Trusted Profile Analyzer Fix deferred rhtpa/rhtpa-trustification-service-rhel9 Self-service automation portal 2 Fix deferred ansible-automation-platform/automation-portal streams for Apache Kafka 2 Fix deferred axios streams for Apache Kafka 3 Fix deferred axios https://www.cve.org/CVERecord?id=CVE-2026-42037 https://nvd.nist.gov/vuln/detail/CVE-2026-42037 https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77