Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-24T17:55:30 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CWE-915

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.

Red Hat Discovery 2 2026-05-07T00:00:00Z RHSA-2026:14937 discovery/discovery-ui-rhel9:1778156756 Cryostat 4 Affected axios Gatekeeper 3 Not affected gatekeeper/gatekeeper-rhel9 Migration Toolkit for Applications 8 Affected mta/mta-ui-rhel8 Migration Toolkit for Applications 8 Affected mta/mta-ui-rhel9 Migration Toolkit for Containers Affected rhmtc/openshift-migration-ui-rhel8 Multicluster Engine for Kubernetes Affected multicluster-engine/console-mce-rhel9 Network Observability Operator Affected network-observability/network-observability-console-plugin-compat-rhel9 Network Observability Operator Affected network-observability/network-observability-console-plugin-rhel9 OpenShift Pipelines Affected openshift-pipelines/pipelines-hub-ui-rhel8 OpenShift Pipelines Affected openshift-pipelines/pipelines-hub-ui-rhel9 OpenShift Service Mesh 2 Affected openshift-service-mesh/kiali-ossmc-rhel8 OpenShift Service Mesh 2 Affected openshift-service-mesh/kiali-rhel8 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-operator-bundle OpenShift Service Mesh 3 Affected openshift-service-mesh/kiali-ossmc-rhel9 OpenShift Service Mesh 3 Affected openshift-service-mesh/kiali-rhel9 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-rhel9-operator Red Hat 3scale API Management Platform 2 Affected 3scale-amp21/system Red Hat 3scale API Management Platform 2 Affected 3scale-amp22/system Red Hat 3scale API Management Platform 2 Affected 3scale-amp2/system-rhel7 Red Hat 3scale API Management Platform 2 Affected 3scale-amp2/system-rhel8 Red Hat 3scale API Management Platform 2 Affected 3scale-amp2/system-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Affected rhacm2/console-rhel9 Red Hat Advanced Cluster Security 4 Affected advanced-cluster-security/rhacs-main-rhel8 Red Hat Ansible Automation Platform 2 Affected ansible-automation-platform-26/gateway-rhel9 Red Hat Ansible Automation Platform 2 Affected ansible-automation-platform/automation-dashboard-rhel9 Red Hat Ansible Automation Platform 2 Affected automation-controller Red Hat Ansible Automation Platform 2 Affected automation-gateway Red Hat Ansible Automation Platform 2 Affected automation-hub Red Hat Ansible Automation Platform 2 Affected automation-platform-ui Red Hat Ansible Automation Platform 2 Not affected python3.11-galaxy-ng Red Hat Ansible Automation Platform 2 Affected python3.12-galaxy-ng Red Hat Ansible Automation Platform 2 Not affected python3x-galaxy-ng Red Hat Ansible Automation Platform 2 Not affected python-galaxy-ng Red Hat build of Apache Camel - HawtIO 4 Not affected axios Red Hat build of Apicurio Registry 2 Affected axios Red Hat build of Apicurio Registry 3 Affected apicurio/apicurio-registry-ui-rhel8 Red Hat build of Apicurio Registry 3 Affected apicurio/apicurio-registry-ui-rhel9 Red Hat Build of Podman Desktop - Tech Preview Will not fix rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10 Red Hat Data Grid 8 Affected axios Red Hat Developer Hub Affected rhdh/rhdh-hub-rhel9 Red Hat Enterprise Linux 8 Affected grafana Red Hat Enterprise Linux 9 Affected grafana Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-rocm-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/disk-image-cuda-rhel9 Red Hat Fuse 7 Not affected axios Red Hat Hardened Images Not affected boost Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-dashboard-rhel8 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-dashboard-rhel9 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-mod-arch-gen-ai-rhel9 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-mod-arch-maas-rhel9 Red Hat OpenShift AI (RHOAI) Affected rhoai/odh-mod-arch-model-registry-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift3/ose-console Red Hat OpenShift Container Platform 4 Affected openshift4/ose-agent-installer-ui-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift4/ose-console Red Hat OpenShift Container Platform 4 Affected openshift4/ose-console-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift4/ose-monitoring-plugin-rhel9 Red Hat OpenShift Dev Spaces Affected devspaces/code-rhel9 Red Hat OpenShift Dev Spaces Affected devspaces/dashboard-rhel9 Red Hat OpenShift Virtualization 4 Not affected container-native-virtualization/kubevirt-console-plugin Red Hat OpenShift Virtualization 4 Affected container-native-virtualization/kubevirt-console-plugin-rhel9 Red Hat Process Automation 7 Not affected axios Red Hat Quay 3 Affected quay/quay-rhel8 Red Hat Quay 3 Affected quay/quay-rhel9 Red Hat Satellite 6 Affected satellite/iop-advisor-frontend-rhel9 Red Hat Satellite 6 Affected satellite/iop-host-inventory-frontend-rhel9 Red Hat Satellite 6 Affected satellite/iop-vulnerability-frontend-rhel9 Red Hat Trusted Artifact Signer Not affected rhtas/rhtas-console-ui-rhel9 Red Hat Trusted Profile Analyzer Not affected rhtpa/rhtpa-trustification-service-rhel9 Self-service automation portal 2 Affected ansible-automation-platform/automation-portal streams for Apache Kafka 2 Not affected axios streams for Apache Kafka 3 Not affected axios https://www.cve.org/CVERecord?id=CVE-2026-42041 https://nvd.nist.gov/vuln/detail/CVE-2026-42041 https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63