CVE-2026-25639
CVE Details
Visit the official vulnerability details page for CVE-2026-25639 to learn more.
Initial Publication
02/09/2026
Last Update
02/09/2026
Third Party Dependency
axios
NIST CVE Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Awaiting Analysis
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 0.6.6 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.