7.5

CVE-2026-25639

Medienbericht
Exploit

Axios affected by Denial of Service via __proto__ Key in mergeConfig

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AxiosAxios SwPlatformnode.js Version < 0.30.3
AxiosAxios SwPlatformnode.js Version >= 1.0.0 < 1.13.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.59% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1287 Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.04.2026 15:19
https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
Patch
https://github.com/axios/axios/releases/tag/v1.13.5
Product
Release Notes
https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
Patch
https://github.com/axios/axios/pull/7369
Issue Tracking
https://github.com/axios/axios/pull/7388
Issue Tracking
https://github.com/axios/axios/releases/tag/v0.30.3
Release Notes
https://bugzilla.redhat.com/show_bug.cgi?id=2438237
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25639.json
https://access.redhat.com/errata/RHSA-2026:10184
https://access.redhat.com/errata/RHSA-2026:11414
https://access.redhat.com/errata/RHSA-2026:13542
https://access.redhat.com/errata/RHSA-2026:13548
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:4942
https://access.redhat.com/errata/RHSA-2026:5168
https://access.redhat.com/errata/RHSA-2026:5636
https://access.redhat.com/errata/RHSA-2026:5665
https://access.redhat.com/errata/RHSA-2026:5807
https://access.redhat.com/errata/RHSA-2026:6192
https://access.redhat.com/errata/RHSA-2026:6277
https://access.redhat.com/errata/RHSA-2026:6428
https://access.redhat.com/errata/RHSA-2026:6497
https://access.redhat.com/errata/RHSA-2026:6567
https://access.redhat.com/errata/RHSA-2026:6568
https://access.redhat.com/errata/RHSA-2026:7249
https://access.redhat.com/errata/RHSA-2026:8218
https://access.redhat.com/errata/RHSA-2026:8229
https://access.redhat.com/errata/RHSA-2026:9848
https://access.redhat.com/errata/RHSA-2026:6802
https://access.redhat.com/errata/RHSA-2026:25041
https://access.redhat.com/errata/RHSA-2026:6174
https://access.redhat.com/errata/RHSA-2026:2694
https://access.redhat.com/errata/RHSA-2026:3087
https://access.redhat.com/errata/RHSA-2026:36882
https://access.redhat.com/errata/RHSA-2026:5633
https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
Vendor Advisory
Exploit
https://access.redhat.com/errata/RHSA-2026:3105
https://access.redhat.com/errata/RHSA-2026:3106
https://access.redhat.com/errata/RHSA-2026:3107
https://access.redhat.com/errata/RHSA-2026:3109
https://access.redhat.com/errata/RHSA-2026:5142
https://access.redhat.com/errata/RHSA-2026:5174
https://access.redhat.com/errata/RHSA-2026:6170
https://access.redhat.com/errata/RHSA-2026:6308
https://access.redhat.com/errata/RHSA-2026:6309
https://access.redhat.com/errata/RHSA-2026:8499
https://access.redhat.com/errata/RHSA-2026:8500
https://access.redhat.com/errata/RHSA-2026:8501
https://access.redhat.com/security/cve/CVE-2026-25639