Skip to content
MindPattern
Wire
Briefings
Search
Subscribe
← The Wire
Source trail
Striga AI / Hacker News
Public MindPattern findings, entities, and graph evidence that cite this source.
Findings
1
All-time hits
1
High value
0
Last seen
2026-03-28
Related findings
2026-03-28 / HACKER NEWS
Axios CVE-2026-25639: Single JSON Key Crashes Node.js Servers — CVSS 7.5 Prototype Pollution in World's Most Popular HTTP Client
CVE-2026-25639 (CVSS 7.5) allows a single malicious JSON payload containing a __proto__ key to crash any Node.js server using Axios for request configuration. The vulnerability in mergeConfig causes a TypeError when Object.prototype is invoked as a function, crashing the process before any assignment occurs. Axios is the most downloaded HTTP client on npm. Fix available in versions 0.30.3 and 1.13.5+. The research was presented by Striga AI and has 10 points on HN.
Open latest cited source
Wire
Briefings
Search
Subscribe