Home / Vulnerability Intelligence / CVE-2026-42033

CVE-2026-42033 - Vulnerability Analysis

HighCVSS: 7.4

Last Updated: April 27, 2026

Axios - Prototype Pollution

Published: April 24, 2026Updated: April 27, 2026PoC AvailableRemote Exploitable

Overview

Axios < 1.15.1 and < 0.31.1 contains a prototype pollution vulnerability caused by lack of hasOwnProperty guard when reading Object.prototype keys, letting attackers intercept/modify JSON responses or hijack HTTP transport, exploit requires prior prototype pollution.

Severity & Score

Severity: High

CVSS Score: 7.4

Impact

Attackers can intercept/modify JSON responses or hijack HTTP transport, accessing request credentials, headers, and body.

Mitigation

Update to version 1.15.1 or 0.31.1 or later.

References

https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf

Related Resources

Details

CVE ID: CVE-2026-42033
Severity: High
CVSS Score: 7.4
Type: prototype_pollution
Status: confirmed

CWE

CWE-1321

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N