{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-44492", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-05-06T17:18:51.783Z", "datePublished": "2026-06-11T15:29:13.890Z", "dateUpdated": "2026-06-30T12:06:13.795Z"}, "containers": {"cna": {"title": "Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"}], "affected": [{"vendor": "axios", "product": "axios", "versions": [{"version": ">= 1.0.0, < 1.16.0", "status": "affected"}, {"version": "< 0.32.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-11T15:29:13.890Z"}, "descriptions": [{"lang": "en", "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0."}], "source": {"advisory": "GHSA-pjwm-pj3p-43mv", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-13T02:10:20.471026Z", "id": "CVE-2026-44492", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-13T02:11:59.696Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:acm:2.13::el9"], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4.14::el9"], "defaultStatus": "affected", "product": "Red Hat Container Native Virtualization 4.14", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhdh:1.9::el9"], "defaultStatus": "affected", "product": "Red Hat Developer Hub 1.9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:discovery:2::el9"], "defaultStatus": "affected", "product": "Red Hat Discovery 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4.20::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.20", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4.21::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.21", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:2.6::el8"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 2.6", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.0::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.0", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.1::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.1", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.2::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.3::el9"], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:multicluster_engine:2.8::el9"], "defaultStatus": "affected", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:cryostat:4"], "defaultStatus": "affected", "product": "Cryostat 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "defaultStatus": "affected", "product": "Migration Toolkit for Applications 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhmt:1"], "defaultStatus": "affected", "product": "Migration Toolkit for Containers", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:network_observ_optr:1"], "defaultStatus": "affected", "product": "Network Observability Operator", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_pipelines:1"], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4"], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "defaultStatus": "affected", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2"], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:apache_camel_hawtio:4"], "defaultStatus": "affected", "product": "Red Hat build of Apache Camel - HawtIO 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:apicurio_registry:3"], "defaultStatus": "affected", "product": "Red Hat build of Apicurio Registry 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:podman_desktop:0"], "defaultStatus": "affected", "product": "Red Hat Build of Podman Desktop - Tech Preview", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "defaultStatus": "affected", "product": "Red Hat Data Grid 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "defaultStatus": "affected", "product": "Red Hat Fuse 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3"], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:quay:3"], "defaultStatus": "affected", "product": "Red Hat Quay 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:trusted_artifact_signer:1"], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:trusted_profile_analyzer:2"], "defaultStatus": "affected", "product": "Red Hat Trusted Profile Analyzer", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ansible_portal:2"], "defaultStatus": "affected", "product": "Self-service automation portal 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:gatekeeper:3"], "defaultStatus": "unaffected", "product": "Gatekeeper 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:service_mesh:3"], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"], "defaultStatus": "unaffected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:4"], "defaultStatus": "unaffected", "product": "Red Hat build of Apache Camel for Spring Boot 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "defaultStatus": "unaffected", "product": "Red Hat Satellite 6", "vendor": "Red Hat"}], "datePublic": "2026-06-11T15:29:13.890Z", "descriptions": [{"lang": "en", "value": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-289", "description": "Authentication Bypass by Alternate Name", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-44492"}, {"name": "RHBZ#2487938", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44492.json"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:30651"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33005"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26234"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:29197"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27063"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27044"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33155"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33160"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33163"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33173"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33183"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:30650"}], "solutions": [{"lang": "en", "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"}, {"lang": "en", "value": "RHSA-2026:33005: Red Hat Container Native Virtualization 4.14"}, {"lang": "en", "value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"}, {"lang": "en", "value": "RHSA-2026:29197: Red Hat Discovery 2"}, {"lang": "en", "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"}, {"lang": "en", "value": "RHSA-2026:27044: Red Hat OpenShift Container Platform 4.21"}, {"lang": "en", "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"}, {"lang": "en", "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0"}, {"lang": "en", "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"}, {"lang": "en", "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"}, {"lang": "en", "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"}, {"lang": "en", "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"}], "timeline": [{"lang": "en", "time": "2026-06-11T17:00:56.761Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-11T15:29:13.890Z", "value": "Made public."}], "title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:06:13.795Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:acm:2.13::el9"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4.14::el9"], "vendor": "Red Hat", "product": "Red Hat Container Native Virtualization 4.14", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhdh:1.9::el9"], "vendor": "Red Hat", "product": "Red Hat Developer Hub 1.9", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:discovery:2::el9"], "vendor": "Red Hat", "product": "Red Hat Discovery 2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.20", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.21::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.21", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:2.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 2.6", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.0::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.0", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.1::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.1", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.2::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3.3::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Service Mesh 3.3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine:2.8::el9"], "vendor": "Red Hat", "product": "multicluster engine for Kubernetes 2.8", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:4"], "vendor": "Red Hat", "product": "Cryostat 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhmt:1"], "vendor": "Red Hat", "product": "Migration Toolkit for Containers", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:network_observ_optr:1"], "vendor": "Red Hat", "product": "Network Observability Operator", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_pipelines:1"], "vendor": "Red Hat", "product": "OpenShift Pipelines", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "vendor": "Red Hat", "product": "Red Hat AMQ Broker 7", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:apache_camel_hawtio:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:apicurio_registry:3"], "vendor": "Red Hat", "product": "Red Hat build of Apicurio Registry 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:podman_desktop:0"], "vendor": "Red Hat", "product": "Red Hat Build of Podman Desktop - Tech Preview", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat Fuse 7", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3"], "vendor": "Red Hat", "product": "Red Hat OpenShift Dev Spaces", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:trusted_artifact_signer:1"], "vendor": "Red Hat", "product": "Red Hat Trusted Artifact Signer", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:trusted_profile_analyzer:2"], "vendor": "Red Hat", "product": "Red Hat Trusted Profile Analyzer", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_portal:2"], "vendor": "Red Hat", "product": "Self-service automation portal 2", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:gatekeeper:3"], "vendor": "Red Hat", "product": "Gatekeeper 3", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:service_mesh:3"], "vendor": "Red Hat", "product": "OpenShift Service Mesh 3", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"], "vendor": "Red Hat", "product": "Red Hat 3scale API Management Platform 2", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot 4", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "vendor": "Red Hat", "product": "Red Hat Satellite 6", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-06-11T17:00:56.761Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-11T15:29:13.890Z", "value": "Made public."}], "solutions": [{"lang": "en", "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"}, {"lang": "en", "value": "RHSA-2026:33005: Red Hat Container Native Virtualization 4.14"}, {"lang": "en", "value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"}, {"lang": "en", "value": "RHSA-2026:29197: Red Hat Discovery 2"}, {"lang": "en", "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"}, {"lang": "en", "value": "RHSA-2026:27044: Red Hat OpenShift Container Platform 4.21"}, {"lang": "en", "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"}, {"lang": "en", "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0"}, {"lang": "en", "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"}, {"lang": "en", "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"}, {"lang": "en", "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"}, {"lang": "en", "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"}], "x_adpType": "supplier", "datePublic": "2026-06-11T15:29:13.890Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-44492", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938", "name": "RHBZ#2487938", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44492.json", "tags": ["x_sadp-csaf-vex"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30651", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33005", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:26234", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:29197", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:27063", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:27044", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33155", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33160", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33163", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33173", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:33183", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30650", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "sadp-cli 1.0.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-289", "description": "Authentication Bypass by Alternate Name"}]}], "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T03:15:51.142Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-44492", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-13T02:10:20.471026Z"}}}], "references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-13T02:11:25.949Z"}}], "cna": {"title": "Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)", "source": {"advisory": "GHSA-pjwm-pj3p-43mv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "axios", "product": "axios", "versions": [{"status": "affected", "version": ">= 1.0.0, < 1.16.0"}, {"status": "affected", "version": "< 0.32.0"}]}], "references": [{"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv", "name": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-11T15:29:13.890Z"}}}, "cveMetadata": {"cveId": "CVE-2026-44492", "state": "PUBLISHED", "dateUpdated": "2026-06-30T03:15:51.142Z", "dateReserved": "2026-05-06T17:18:51.783Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-11T15:29:13.890Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "CC9D9AB4-047A-4638-AF10-7D08587A01C8", "versionEndExcluding": "0.32.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "BE82EB7B-A379-416F-9737-4191F720B8C6", "versionEndExcluding": "1.16.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0."}], "id": "CVE-2026-44492", "lastModified": "2026-06-13T03:16:20.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-06-11T17:16:33.167", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization", "id": "2487938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-289", "details": ["Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0.", "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-44492", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "axios", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Affected", "package_name": "cryostat-openshift-console-plugin-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Affected", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-ui-rhel8", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-ui-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:rhmt:1", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-ui-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-console-plugin-pf4-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-console-plugin-pf5-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-console-plugin-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-operator-bundle", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp21/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp22/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp2/system-rhel7", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp2/system-rhel8", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp2/system-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/console-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-27/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/automation-dashboard-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-hub", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-platform-ui", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3.11-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3.12-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3x-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Affected", "package_name": "apicurio/apicurio-registry-ui-rhel8", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Affected", "package_name": "apicurio/apicurio-registry-ui-rhel9", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Affected", "package_name": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "axios", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:2::el9", "fix_state": "Affected", "package_name": "discovery/discovery-ui-rhel9", "product_name": "Red Hat Discovery 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-gaudi-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "axios", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-dashboard-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-automl-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-autorag-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-eval-hub-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-gen-ai-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-maas-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-ui-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/code-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-advisor-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-host-inventory-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite/iop-vulnerability-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Affected", "package_name": "rhtas/rhtas-console-ui-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Affected", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/automation-portal", "product_name": "Self-service automation portal 2"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/bootc-automation-portal-rhel9", "product_name": "Self-service automation portal 2"}], "public_date": "2026-06-11T15:29:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-44492\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-44492\nhttps://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.16.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.32.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "axios", "source": "cna", "vendor": "axios"}, "product": "axios", "vendor": "axios"}], "created": "2026-06-11T19:45:36.632183+00:00", "updated": "2026-06-13T02:30:06.951830+00:00", "vendors": ["axios", "axios$PRODUCT$axios"]}