Npm · Axios · CVE-2026-42043
**Name of the Vulnerable Software and Affected Versions**
Axios versions prior to 1.15.1
Axios versions prior to 0.31.1
**Description**
An attacker capable of influencing the target URL of a request can bypass the NO PROXY protection by using any address in the 127.0.0.0/8 range, excluding 127.0.0.1.
**Recommendations**
Update to version 1.15.1.
Update to version 0.31.1.