top of page
perceptive_background_267k.jpg

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request c…

Published:

23 april 2026 om 22:00:00

Alert date:

24 april 2026 om 19:03:24

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

Axios HTTP client library contains a vulnerability that allows attackers to bypass NO_PROXY protection by using addresses in the 127.0.0.0/8 range other than 127.0.0.1. This affects versions prior to 1.15.1 and 0.31.1 in both browser and Node.js environments. The vulnerability stems from an incomplete fix for CVE-2025-62718. Attackers who can influence the target URL of an Axios request can exploit this to circumvent proxy restrictions. The issue has been resolved in versions 1.15.1 and 0.31.1.

Technical details

Mitigation steps:

Affected products:

Axios

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-42043
https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page