PT-2026-35046 · Npm · Axios
Published
2026-04-24
·
Updated
2026-04-24
·
CVE-2026-42036
CVSS v3.1
5.3
Medium
| AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Axios versions prior to 1.15.1
Axios versions prior to 0.31.1
Description
When the
responseType variable is set to 'stream', the software returns the response stream without enforcing maxContentLength. This allows unbounded downstream consumption by bypassing configured response-size limits.Recommendations
Update to version 1.15.1 or newer.
Update to version 0.31.1 or newer.
Exploit
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Axios