CVE Vulnerabilities

CVE-2026-44487

Insertion of Sensitive Information Into Sent Data

Published: Jun 11, 2026 | Modified: Jul 02, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0.

Weakness

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Affected Software

NameVendorStart VersionEnd Version
AxiosAxios*0.32.0 (excluding)
AxiosAxios1.0.0 (including)1.16.0 (excluding)
Multicluster engine for Kubernetes 2.8RedHatmulticluster-engine/console-mce-rhel9:1782157085*
Red Hat Advanced Cluster Management for Kubernetes 2.13RedHatrhacm2/console-rhel9:1782157514*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-main-rhel8:1779293013*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-main-rhel8:1779371594*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/gateway-rhel9:1782761510*
Red Hat Developer Hub 1.9RedHatrhdh/rhdh-hub-rhel9:1781187342*
Red Hat Developer Hub 1.9RedHatrhdh/rhdh-hub-rhel9:1782761244*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782166952*
Red Hat OpenShift Container Platform 4.15RedHatopenshift4/ose-console:1782127091*
Red Hat OpenShift Container Platform 4.16RedHatopenshift4/ose-console-rhel9:1782244020*
Red Hat OpenShift Container Platform 4.19RedHatopenshift4/ose-monitoring-plugin-rhel9:1782171032*
Red Hat OpenShift Container Platform 4.20RedHatopenshift4/ose-monitoring-plugin-rhel9:1781695012*
Red Hat OpenShift Container Platform 4.21RedHatopenshift4/ose-monitoring-plugin-rhel9:1781731914*
Red Hat OpenShift Service Mesh 2.6RedHatopenshift-service-mesh/kiali-ossmc-rhel8:1781937133*
Red Hat OpenShift Service Mesh 2.6RedHatopenshift-service-mesh/kiali-rhel8:1782287580*
Red Hat OpenShift Service Mesh 3.0RedHatopenshift-service-mesh/kiali-ossmc-rhel9:1782201894*
Red Hat OpenShift Service Mesh 3.0RedHatopenshift-service-mesh/kiali-rhel9:1782201833*
Red Hat OpenShift Service Mesh 3.1RedHatopenshift-service-mesh/kiali-ossmc-rhel9:1782201696*
Red Hat OpenShift Service Mesh 3.1RedHatopenshift-service-mesh/kiali-rhel9:1782201537*
Red Hat OpenShift Service Mesh 3.2RedHatopenshift-service-mesh/kiali-ossmc-rhel9:1782201851*
Red Hat OpenShift Service Mesh 3.2RedHatopenshift-service-mesh/kiali-rhel9:1782201812*
Red Hat OpenShift Service Mesh 3.3RedHatopenshift-service-mesh/kiali-ossmc-rhel9:1782231869*
Red Hat OpenShift Service Mesh 3.3RedHatopenshift-service-mesh/kiali-rhel9:1782201466*
Red Hat Satellite 6.19RedHatsatellite/iop-vulnerability-frontend-rhel9:1781174698*
Red Hat Satellite 6.19RedHatsatellite/iop-host-inventory-frontend-rhel9:1782253070*
Red Hat Satellite 6.19RedHatsatellite/iop-advisor-frontend-rhel9:1782243376*
Node-axiosUbuntuupstream*

Potential Mitigations

  • Compartmentalize the system to have “safe” areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

References