Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-39865
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-08 Apr, 2026 | 14:25
Updated At-27 Apr, 2026 | 17:00
Rejected At-
▼CVE Numbering Authority (CNA)
Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the Http2Sessions.getSession() method in lib/adapters/http.js. The session cleanup logic contains a control flow error when removing sessions from the sessions array. This vulnerability is fixed in 1.13.2.

Affected Products
Vendor
axios
Product
axios
Versions
Affected
  • >= 1.13.0, < 1.13.2
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400: Uncontrolled Resource Consumption
CWECWE-662CWE-662: Improper Synchronization
Type: CWE
CWE ID: CWE-400
Description: CWE-400: Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-662
Description: CWE-662: Improper Synchronization
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/axios/axios/security/advisories/GHSA-qj83-cq47-w5f8
x_refsource_CONFIRM
https://github.com/axios/axios/commit/0588880ac7ddba7594ef179930493884b7e90bf5
x_refsource_MISC
https://github.com/axios/axios/releases/tag/v1.13.2
x_refsource_MISC
Hyperlink: https://github.com/axios/axios/security/advisories/GHSA-qj83-cq47-w5f8
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/axios/axios/commit/0588880ac7ddba7594ef179930493884b7e90bf5
Resource:
x_refsource_MISC
Hyperlink: https://github.com/axios/axios/releases/tag/v1.13.2
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found