CVE-2026-42033: Prototype Pollution Gadget Chain in Axios HTTP Client

Vulnerability ID: CVE-2026-42033
CVSS Score: 7.4
Published: 2026-05-05

Axios insecurely reads multiple configuration properties from the global Object.prototype, acting as an exploitation gadget for prototype pollution vulnerabilities. An attacker who pollutes Object.prototype elsewhere in the application can leverage Axios to intercept responses, hijack outgoing requests, and exfiltrate sensitive HTTP data.

TL;DR

A high-severity flaw in Axios allows attackers to hijack HTTP requests and responses by leveraging prototype pollution gadgets, leading to credential theft and response spoofing.…
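
The read pattern described above, reduced to a small added example (not Axios source code and not the project's fix): `resolveUnsafe` takes options with a plain property read, so a value present on `Object.prototype` is picked up, while `resolveSafe` accepts only own properties. The option names `timeoutMs` and `responseHook`, the function names and the sample value are assumptions made for illustration.

```javascript
// Hypothetical option names for illustration; these are not Axios's config keys.
const DEFAULTS = Object.freeze({ timeoutMs: 1000, responseHook: null });

// Unsafe pattern: a plain property read falls through to Object.prototype
// when the caller's config object has no own property of that name.
function resolveUnsafe(userConfig) {
  const out = {};
  for (const key of Object.keys(DEFAULTS)) {
    const value = userConfig[key];
    out[key] = value !== undefined ? value : DEFAULTS[key];
  }
  return out;
}

// Hardened pattern: accept only own properties, and build a null-prototype
// result so later reads of unset keys cannot be satisfied by the prototype chain.
function resolveSafe(userConfig) {
  const out = Object.create(null);
  for (const key of Object.keys(DEFAULTS)) {
    const own = Object.prototype.hasOwnProperty.call(userConfig, key);
    out[key] = own ? userConfig[key] : DEFAULTS[key];
  }
  return out;
}

// Detection check for tests or startup: a clean runtime has no enumerable
// own keys on Object.prototype.
function pollutedKeys() {
  return Object.keys(Object.prototype);
}

// Simulates pollution that happened elsewhere in the application,
// compares both resolvers, then restores the prototype.
function demo() {
  Object.prototype.responseHook = 'inherited-value'; // constructed sample value
  try {
    return {
      unsafe: resolveUnsafe({ timeoutMs: 5000 }).responseHook,
      safe: resolveSafe({ timeoutMs: 5000 }).responseHook,
      detected: pollutedKeys(),
    };
  } finally {
    delete Object.prototype.responseHook;
  }
}

console.log(demo());
```

`pollutedKeys()` can be asserted empty in a test suite or at process startup to catch pollution before any HTTP client reads its configuration.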