CVE-2026-42044 - Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
CVE ID :CVE-2026-42044 Published : April 24, 2026, 6:16 p.m. | 1 hour, 41 minutes ago Description :Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.proto
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] In 1965 screens got 1.2 hours a day. Now they get 7. The interface did that.
- [CYBER] potential crucial vulnerability?
- [CYBER] Firestarter malware survives Cisco firewall updates, security patches
- [CYBER] CVE-2026-42171 - NSIS Privilege Escalation Vulnerability
- [CYBER] CVE-2026-41488 - angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
- [CYBER] CVE-2026-41481 - LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass