{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-44487", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-05-06T17:18:51.783Z", "datePublished": "2026-06-11T15:38:25.150Z", "dateUpdated": "2026-06-30T12:06:14.403Z"}, "containers": {"cna": {"title": "Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter", "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "lang": "en", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"}], "affected": [{"vendor": "axios", "product": "axios", "versions": [{"version": ">= 1.0.0, < 1.16.0", "status": "affected"}, {"version": "< 0.32.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-11T15:38:25.150Z"}, "descriptions": [{"lang": "en", "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios\u2019s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0."}], "source": {"advisory": "GHSA-p92q-9vqr-4j8v", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-11T18:17:25.366630Z", "id": "CVE-2026-44487", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T18:17:31.939Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:acm:2.13::el9"], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhdh:1.9::el9"], "defaultStatus": "affected", "product": "Red Hat Developer Hub 1.9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:discovery:2::el9"], "defaultStatus": "affected", "product": "Red Hat Discovery 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4.20::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.20", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4.21::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.21", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:2.6::el8"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 2.6", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.0::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.0", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.1::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.1", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.2::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.3::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:multicluster_engine:2.8::el9"], "defaultStatus": "affected", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:cryostat:4"], "defaultStatus": "affected", "product": "Cryostat 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "defaultStatus": "affected", "product": "Migration Toolkit for Applications 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhmt:1"], "defaultStatus": "affected", "product": "Migration Toolkit for Containers", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:network_observ_optr:1"], "defaultStatus": "affected", "product": "Network Observability Operator", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_pipelines:1"], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4"], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "defaultStatus": "affected", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2"], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:apache_camel_hawtio:4"], "defaultStatus": "affected", "product": "Red Hat build of Apache Camel - HawtIO 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:apicurio_registry:3"], "defaultStatus": "affected", "product": "Red Hat build of Apicurio Registry 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:podman_desktop:0"], "defaultStatus": "affected", "product": "Red Hat Build of Podman Desktop - Tech Preview", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "defaultStatus": "affected", "product": "Red Hat Data Grid 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "defaultStatus": "affected", "product": "Red Hat Fuse 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3"], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:quay:3"], "defaultStatus": "affected", "product": "Red Hat Quay 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "defaultStatus": "affected", "product": "Red Hat Satellite 6", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:trusted_artifact_signer:1"], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:trusted_profile_analyzer:2"], "defaultStatus": "affected", "product": "Red Hat Trusted Profile Analyzer", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ansible_portal:2"], "defaultStatus": "affected", "product": "Self-service automation portal 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:gatekeeper:3"], "defaultStatus": "unaffected", "product": "Gatekeeper 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3"], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"], "defaultStatus": "unaffected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:4"], "defaultStatus": "unaffected", "product": "Red Hat build of Apache Camel for Spring Boot 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}], "datePublic": "2026-06-11T15:38:25.150Z", "descriptions": [{"lang": "en", "value": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-44487"}, {"name": "RHBZ#2487948", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44487.json"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:30651"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26234"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:29197"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27063"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27044"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33155"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33160"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33163"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33173"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33183"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:30650"}], "solutions": [{"lang": "en", "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"}, {"lang": "en", "value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"}, {"lang": "en", "value": "RHSA-2026:29197: Red Hat Discovery 2"}, {"lang": "en", "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"}, {"lang": "en", "value": "RHSA-2026:27044: Red Hat OpenShift Container Platform 4.21"}, {"lang": "en", "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"}, {"lang": "en", "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0"}, {"lang": "en", "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"}, {"lang": "en", "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"}, {"lang": "en", "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"}, {"lang": "en", "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"}], "timeline": [{"lang": "en", "time": "2026-06-11T17:01:34.091Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-11T15:38:25.150Z", "value": "Made public."}], "title": "axios: Axios: Information disclosure of proxy credentials via redirect flows", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:06:14.403Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:acm:2.13::el9"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhdh:1.9::el9"], "vendor": "Red Hat", "product": "Red Hat Developer Hub 1.9", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:discovery:2::el9"], "vendor": "Red Hat", "product": "Red Hat Discovery 2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.20", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.21::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.21", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:2.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 2.6", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.0::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.0", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.1::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.1", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.2::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.3::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine:2.8::el9"], "vendor": "Red Hat", "product": "multicluster engine for Kubernetes 2.8", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:4"], "vendor": "Red Hat", "product": "Cryostat 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhmt:1"], "vendor": "Red Hat", "product": "Migration Toolkit for Containers", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:network_observ_optr:1"], "vendor": "Red Hat", "product": "Network Observability Operator", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_pipelines:1"], "vendor": "Red Hat", "product": "OpenShift Pipelines", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "vendor": "Red Hat", "product": "Red Hat AMQ Broker 7", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:apache_camel_hawtio:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:apicurio_registry:3"], "vendor": "Red Hat", "product": "Red Hat build of Apicurio Registry 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:podman_desktop:0"], "vendor": "Red Hat", "product": "Red Hat Build of Podman Desktop - Tech Preview", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat Fuse 7", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3"], "vendor": "Red Hat", "product": "Red Hat OpenShift Dev Spaces", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "vendor": "Red Hat", "product": "Red Hat Satellite 6", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:trusted_artifact_signer:1"], "vendor": "Red Hat", "product": "Red Hat Trusted Artifact Signer", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:trusted_profile_analyzer:2"], "vendor": "Red Hat", "product": "Red Hat Trusted Profile Analyzer", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_portal:2"], "vendor": "Red Hat", "product": "Self-service automation portal 2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:gatekeeper:3"], "vendor": "Red Hat", "product": "Gatekeeper 3", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3"], "vendor": "Red Hat", "product": "OpenShift Service Mesh 3", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"], "vendor": "Red Hat", "product": "Red Hat 3scale API Management Platform 2", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot 4", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-06-11T17:01:34.091Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-11T15:38:25.150Z", "value": "Made public."}], "solutions": [{"lang": "en", "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"}, {"lang": "en", "value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"}, {"lang": "en", "value": "RHSA-2026:29197: Red Hat Discovery 2"}, {"lang": "en", "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"}, {"lang": "en", "value": "RHSA-2026:27044: Red Hat OpenShift Container Platform 4.21"}, {"lang": "en", "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"}, {"lang": "en", "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0"}, {"lang": "en", "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"}, {"lang": "en", "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"}, {"lang": "en", "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"}, {"lang": "en", "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"}], "x_adpType": "supplier", "datePublic": "2026-06-11T15:38:25.150Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-44487", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948", "name": "RHBZ#2487948", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44487.json", "tags": ["x_sadp-csaf-vex"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30651", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:26234", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:29197", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:27063", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:27044", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33155", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33160", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33163", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33173", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33183", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30650", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "sadp-cli 1.0.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T03:15:51.733Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-44487", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-11T18:17:25.366630Z"}}}], "references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T18:16:47.230Z"}}], "cna": {"title": "Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter", "source": {"advisory": "GHSA-p92q-9vqr-4j8v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "axios", "product": "axios", "versions": [{"status": "affected", "version": ">= 1.0.0, < 1.16.0"}, {"status": "affected", "version": "< 0.32.0"}]}], "references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v", "name": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios\u2019s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-11T15:38:25.150Z"}}}, "cveMetadata": {"cveId": "CVE-2026-44487", "state": "PUBLISHED", "dateUpdated": "2026-06-30T03:15:51.733Z", "dateReserved": "2026-05-06T17:18:51.783Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-11T15:38:25.150Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "CC9D9AB4-047A-4638-AF10-7D08587A01C8", "versionEndExcluding": "0.32.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "BE82EB7B-A379-416F-9737-4191F720B8C6", "versionEndExcluding": "1.16.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios\u2019s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0."}], "id": "CVE-2026-44487", "lastModified": "2026-06-12T19:19:05.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-06-11T17:16:32.607", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "axios: Axios: Information disclosure of proxy credentials via redirect flows", "id": "2487948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-201", "details": ["Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios\u2019s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0.", "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-44487", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "axios", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "cryostat-openshift-console-plugin-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Affected", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-ui-rhel8", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-ui-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:rhmt:1", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-ui-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-console-plugin-pf4-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-console-plugin-pf5-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-console-plugin-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-operator-bundle", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp21/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp22/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp2/system-rhel7", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp2/system-rhel8", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp2/system-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/console-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-27/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/automation-dashboard-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-hub", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-platform-ui", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3.11-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3.12-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3x-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Affected", "package_name": "apicurio/apicurio-registry-ui-rhel8", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Affected", "package_name": "apicurio/apicurio-registry-ui-rhel9", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Affected", "package_name": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:2::el9", "fix_state": "Affected", "package_name": "discovery/discovery-ui-rhel9", "product_name": "Red Hat Discovery 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-gaudi-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "axios", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-dashboard-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-automl-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-autorag-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-eval-hub-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-gen-ai-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-maas-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-ui-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/code-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-advisor-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-host-inventory-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-vulnerability-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Affected", "package_name": "rhtas/rhtas-console-ui-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Affected", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/automation-portal", "product_name": "Self-service automation portal 2"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/bootc-automation-portal-rhel9", "product_name": "Self-service automation portal 2"}], "public_date": "2026-06-11T15:38:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-44487\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-44487\nhttps://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.16.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.32.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "axios", "source": "cna", "vendor": "axios"}, "product": "axios", "vendor": "axios"}], "created": "2026-06-11T19:30:17.999960+00:00", "updated": "2026-06-11T21:15:07.155539+00:00", "vendors": ["axios", "axios$PRODUCT$axios"]}