{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-24T17:38:07Z",
  "bugzilla" : {
    "description" : "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
    "id" : "2461606",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-915",
  "details" : [ "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself — any prototype pollution primitive in any dependency in the application's dependency tree is sufficient to trigger this gadget. This vulnerability is fixed in 1.15.1 and 0.31.1.", "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation." ],
  "affected_release" : [ {
    "product_name" : "HawtIO HawtIO 4.4.0",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25089",
    "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4.4::el9",
    "package" : "axios"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/distributed-tracing-console-plugin-pf4-rhel9:1781116645"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/distributed-tracing-console-plugin-pf5-rhel9:1781116658"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/distributed-tracing-console-plugin-pf6-rhel9:1781116387"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/distributed-tracing-console-plugin-rhel9:1781116392"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/monitoring-console-plugin-pf5-rhel9:1781116667"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/monitoring-console-plugin-pf6-rhel9:1781116671"
  }, {
    "product_name" : "Cluster Observability Operator 1.5.0",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26010",
    "cpe" : "cpe:/a:redhat:cluster_observability_operator:1.5::el9",
    "package" : "cluster-observability-operator/monitoring-console-plugin-rhel9:1781116422"
  }, {
    "product_name" : "multicluster engine for Kubernetes 2.10",
    "release_date" : "2026-06-08T00:00:00Z",
    "advisory" : "RHSA-2026:24536",
    "cpe" : "cpe:/a:redhat:multicluster_engine:2.10::el9",
    "package" : "multicluster-engine/console-mce-rhel9:1780917531"
  }, {
    "product_name" : "multicluster engine for Kubernetes 2.11",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25271",
    "cpe" : "cpe:/a:redhat:multicluster_engine:2.11::el9",
    "package" : "multicluster-engine/console-mce-rhel9:1780910888"
  }, {
    "product_name" : "multicluster engine for Kubernetes 2.6",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17657",
    "cpe" : "cpe:/a:redhat:multicluster_engine:2.6::el9",
    "package" : "multicluster-engine/console-mce-rhel9:1778511348"
  }, {
    "product_name" : "multicluster engine for Kubernetes 2.8",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17699",
    "cpe" : "cpe:/a:redhat:multicluster_engine:2.8::el9",
    "package" : "multicluster-engine/console-mce-rhel9:1778383863"
  }, {
    "product_name" : "multicluster engine for Kubernetes 2.9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19109",
    "cpe" : "cpe:/a:redhat:multicluster_engine:2.9::el9",
    "package" : "multicluster-engine/console-mce-rhel9:1778532610"
  }, {
    "product_name" : "Network Observability (NETOBSERV) 1.11.2",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16874",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9",
    "package" : "network-observability/network-observability-console-plugin-compat-rhel9:1778508956"
  }, {
    "product_name" : "Network Observability (NETOBSERV) 1.11.2",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16874",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9",
    "package" : "network-observability/network-observability-console-plugin-rhel9:1778510461"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.15",
    "release_date" : "2026-06-08T00:00:00Z",
    "advisory" : "RHSA-2026:24539",
    "cpe" : "cpe:/a:redhat:acm:2.15::el9",
    "package" : "rhacm2/console-rhel9:1780876734"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.16",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25273",
    "cpe" : "cpe:/a:redhat:acm:2.16::el9",
    "package" : "rhacm2/console-rhel9:1780600823"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.10",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20889",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.10::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:1779293013"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20938",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:1779371594"
  }, {
    "product_name" : "Red Hat Developer Hub 1.8",
    "release_date" : "2026-05-27T00:00:00Z",
    "advisory" : "RHSA-2026:21338",
    "cpe" : "cpe:/a:redhat:rhdh:1.8::el9",
    "package" : "rhdh/rhdh-hub-rhel9:1779841586"
  }, {
    "product_name" : "Red Hat Developer Hub 1.9",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26234",
    "cpe" : "cpe:/a:redhat:rhdh:1.9::el9",
    "package" : "rhdh/rhdh-hub-rhel9:1781187342"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-05-07T00:00:00Z",
    "advisory" : "RHSA-2026:14937",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-ui-rhel9:1778156756"
  }, {
    "product_name" : "Red Hat Migration Toolkit 1.8",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25041",
    "cpe" : "cpe:/a:redhat:rhmt:1.8::el8",
    "package" : "rhmtc/openshift-migration-ui-rhel8:1780590717"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:24977",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-dashboard-rhel9:1780467029"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:24977",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-mod-arch-model-registry-rhel9:1780467147"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.20",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:17468",
    "cpe" : "cpe:/a:redhat:openshift:4.20::el9",
    "package" : "openshift4/ose-agent-installer-ui-rhel9:1778645099"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.21",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:17474",
    "cpe" : "cpe:/a:redhat:openshift:4.21::el9",
    "package" : "openshift4/ose-agent-installer-ui-rhel9:1778539338"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces 3.28",
    "release_date" : "2026-05-28T00:00:00Z",
    "advisory" : "RHSA-2026:21772",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.28::el9",
    "package" : "devspaces/code-rhel9:1779814592"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces 3.28",
    "release_date" : "2026-05-28T00:00:00Z",
    "advisory" : "RHSA-2026:21772",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.28::el9",
    "package" : "devspaces/dashboard-rhel9:1779341289"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16476",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1778191473"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16476",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/kiali-rhel8:1778191378"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.0",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16534",
    "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1778163785"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.0",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16534",
    "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9",
    "package" : "openshift-service-mesh/kiali-rhel9:1778164208"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.1",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16532",
    "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1778163935"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.1",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16532",
    "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9",
    "package" : "openshift-service-mesh/kiali-rhel9:1778164042"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.2",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16535",
    "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1778163792"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.2",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16535",
    "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9",
    "package" : "openshift-service-mesh/kiali-rhel9:1778163909"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16542",
    "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1778163785"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16542",
    "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9",
    "package" : "openshift-service-mesh/kiali-rhel9:1778163986"
  }, {
    "product_name" : "Red Hat Quay 3.1",
    "release_date" : "2026-06-03T00:00:00Z",
    "advisory" : "RHSA-2026:22840",
    "cpe" : "cpe:/a:redhat:quay:3.10::el8",
    "package" : "quay/quay-rhel8:1779822261"
  }, {
    "product_name" : "Red Hat Quay 3.12",
    "release_date" : "2026-06-02T00:00:00Z",
    "advisory" : "RHSA-2026:22629",
    "cpe" : "cpe:/a:redhat:quay:3.12::el8",
    "package" : "quay/quay-rhel8:1779811412"
  }, {
    "product_name" : "Red Hat Quay 3.14",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:21017",
    "cpe" : "cpe:/a:redhat:quay:3.14::el8",
    "package" : "quay/quay-rhel8:1779689392"
  }, {
    "product_name" : "Red Hat Quay 3.15",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24853",
    "cpe" : "cpe:/a:redhat:quay:3.15::el8",
    "package" : "quay/quay-rhel8:1780891395"
  }, {
    "product_name" : "Red Hat Quay 3.16",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19375",
    "cpe" : "cpe:/a:redhat:quay:3.16::el9",
    "package" : "quay/quay-rhel9:1779204086"
  }, {
    "product_name" : "Red Hat Quay 3.17",
    "release_date" : "2026-06-02T00:00:00Z",
    "advisory" : "RHSA-2026:22465",
    "cpe" : "cpe:/a:redhat:quay:3.17::el9",
    "package" : "quay/quay-rhel9:1779922205"
  }, {
    "product_name" : "Red Hat Quay 3.9",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23361",
    "cpe" : "cpe:/a:redhat:quay:3.9::el8",
    "package" : "quay/quay-rhel8:1779811473"
  }, {
    "product_name" : "Red Hat Satellite 6.18",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26214",
    "cpe" : "cpe:/a:redhat:satellite:6.18::el9",
    "package" : "satellite/iop-advisor-frontend-rhel9:1781181673"
  }, {
    "product_name" : "Red Hat Satellite 6.18",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26225",
    "cpe" : "cpe:/a:redhat:satellite:6.18::el9",
    "package" : "satellite/iop-vulnerability-frontend-rhel9:1781032495"
  }, {
    "product_name" : "Red Hat Satellite 6.18",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26232",
    "cpe" : "cpe:/a:redhat:satellite:6.18::el9",
    "package" : "satellite/iop-host-inventory-frontend-rhel9:1780105179"
  }, {
    "product_name" : "Red Hat Trusted Artifact Signer 1.3",
    "release_date" : "2026-06-08T00:00:00Z",
    "advisory" : "RHSA-2026:24471",
    "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9",
    "package" : "rhtas/rhtas-console-ui-rhel9:1779971506"
  } ],
  "package_state" : [ {
    "product_name" : "Cryostat 4",
    "fix_state" : "Not affected",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:cryostat:4"
  }, {
    "product_name" : "Gatekeeper 3",
    "fix_state" : "Not affected",
    "package_name" : "gatekeeper/gatekeeper-rhel9",
    "cpe" : "cpe:/a:redhat:gatekeeper:3"
  }, {
    "product_name" : "Migration Toolkit for Applications 8",
    "fix_state" : "Affected",
    "package_name" : "mta/mta-ui-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8"
  }, {
    "product_name" : "Migration Toolkit for Applications 8",
    "fix_state" : "Affected",
    "package_name" : "mta/mta-ui-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Affected",
    "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Affected",
    "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/kiali-operator-bundle",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/kiali-rhel9-operator",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp21/system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp22/system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp2/system-rhel7",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp2/system-rhel8",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp2/system-rhel9",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-26/gateway-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-automation-platform/automation-dashboard-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "automation-controller",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "automation-gateway",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "automation-hub",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "automation-platform-ui",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python3.11-galaxy-ng",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python3.12-galaxy-ng",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python3x-galaxy-ng",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python-galaxy-ng",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Will not fix",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 3",
    "fix_state" : "Affected",
    "package_name" : "apicurio/apicurio-registry-ui-rhel8",
    "cpe" : "cpe:/a:redhat:apicurio_registry:3"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 3",
    "fix_state" : "Affected",
    "package_name" : "apicurio/apicurio-registry-ui-rhel9",
    "cpe" : "cpe:/a:redhat:apicurio_registry:3"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Will not fix",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Not affected",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Will not fix",
    "package_name" : "rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/disk-image-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Not affected",
    "package_name" : "boost",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-dashboard-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-maas-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift3/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-monitoring-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Affected",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Affected",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Not affected",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Trusted Profile Analyzer",
    "fix_state" : "Affected",
    "package_name" : "rhtpa/rhtpa-trustification-service-rhel9",
    "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2"
  }, {
    "product_name" : "Self-service automation portal 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-automation-platform/automation-portal",
    "cpe" : "cpe:/a:redhat:ansible_portal:2"
  }, {
    "product_name" : "streams for Apache Kafka 2",
    "fix_state" : "Not affected",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:amq_streams:2"
  }, {
    "product_name" : "streams for Apache Kafka 3",
    "fix_state" : "Not affected",
    "package_name" : "axios",
    "cpe" : "cpe:/a:redhat:amq_streams:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42035\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42035\nhttps://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9" ],
  "name" : "CVE-2026-42035",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}