Main Vulnerability Database Exploits ID:12757 - Exploit for Prototype pollution in axios - CVE-2026-44490

ID:12757 - Exploit for Prototype pollution in axios - CVE-2026-44490

Published: May 29, 2026

Vulnerability identifier: #VU132756

Vulnerability risk: Medium

CVE-ID: CVE-2026-44490

CWE-ID: CWE-1321

Exploitation vector: Remote access

Vulnerable software:
axios

Link to public exploit:

https://github.com/axios/axios/security/advisories/GHSA-898c-q2cr-xwhg/#poc

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation in the merge() function in lib/utils.js. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in data manipulation or denial of service (DoS) condition.

Remediation

Install updates from vendor's website.

ID:12757 - Exploit for Prototype pollution in axios - CVE-2026-44490

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human