PT-2026-35052 · Npm · Axios

Sachinpatilpsp

·

Published

2026-04-24

·

Updated

2026-05-18

·

CVE-2026-42043

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Axios versions prior to 1.15.1 Axios versions prior to 0.31.1
Description An attacker capable of influencing the target URL of a request can bypass the NO PROXY protection by using any address in the 127.0.0.0/8 range, excluding 127.0.0.1.
Recommendations Update to version 1.15.1. Update to version 0.31.1.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-918CWE-183CWE-441

Related Identifiers

CLEANSTART-2026-BE61221
CLEANSTART-2026-LC05413
CVE-2026-42043
GHSA-PMWG-CVHR-8VH7

Affected Products

Axios