Prototype Pollution Gadget (CWE-1321) in Axios Client

CVE-2026-44495

Published:

Jun 11, 2026

Status:

Undergoing Analysis

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-74;CWE-94

HIGH RISK

HIGH

(7.3)

Code Injection (CWE-94) in ANTLR4 Grammar Action Block

Arbitrary Code Execution in Generated Artifacts

June 28, 2026

CWE-74;CWE-89

HIGH RISK

HIGH

(7.3)

SQL Injection (CWE-89) in Restaurant Password Reset

Authentication Data Exposure and Account Compromise

June 28, 2026

Vulnerability Type

Category:

Prototype Pollution Gadget / Code Injection

CWE:

CWE-94;CWE-1321

Impact:

Attacker-controlled behavior in HTTP request processing, potentially escalating a prior prototype-pollution issue into code injection or response manipulation

Severity:

HIGH RISK

(7.0)

CVSS Version:

3.1

Vulnerability Type

Category:

Prototype Pollution Gadget / Code Injection

CWE:

CWE-94;CWE-1321

Impact:

Attacker-controlled behavior in HTTP request processing, potentially escalating a prior prototype-pollution issue into code injection or response manipulation

Severity:

HIGH RISK

(7.0)

CVSS Version:

3.1