VDB

RHSA-2026%3A8499

RHSA-2026%3A8499 PUBLISHED CVSS 7.5 HIGH

A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64 as a component of Red Hat Satellite 6.18registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64, registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64, registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64
Red Hatregistry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64 as a component of Red Hat Satellite 6.18*, registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64, *

Timeline

  • Apr 16, 2026 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 14, 2026 CVE Updated

References

…and 2 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›