Axios 安全漏洞

🗓️ 08 May 2026 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 9 Views

Axios versions 1.0.0 to 1.15.2 had prototype pollution via direct HTTP adapter properties, causing polluted values in requests.

Reporter	Title	Published	Views	Family All 61
IBM Security Bulletins	Security Bulletin: IBM Edge Data Collector uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264	29 May 202610:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	12 Jun 202606:40	–	ibm
IBM Security Bulletins	Security Bulletin: Unrestricted upload of file with dangerous type, improper certificate validation, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	24 Jun 202616:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues	24 Jun 202606:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264	29 May 202607:29	–	ibm
IBM Security Bulletins	Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios	21 May 202616:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Axios affect IBM Cloud Pak System	24 Jun 202623:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules	22 May 202608:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-42264)	4 Jun 202616:00	–	ibm
ATTACKERKB	CVE-2026-42264	8 May 202603:20	–	attackerkb

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-42264

02 Jun 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.4 - 9.1

EPSS0.00414

SSVC

axios prototype pollution security vulnerability object pollution