CVE-2026-42043

critical

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1.

References

https://www.securityweek.com/atlassian-splunk-patch-critical-vulnerabilities/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42043.json

https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7

https://bugzilla.redhat.com/show_bug.cgi?id=2461626

https://access.redhat.com/security/cve/CVE-2026-42043

https://access.redhat.com/errata/RHSA-2026:33574

https://access.redhat.com/errata/RHSA-2026:26234

https://access.redhat.com/errata/RHSA-2026:26232

https://access.redhat.com/errata/RHSA-2026:26225

https://access.redhat.com/errata/RHSA-2026:26214

https://access.redhat.com/errata/RHSA-2026:25273

https://access.redhat.com/errata/RHSA-2026:25271

https://access.redhat.com/errata/RHSA-2026:25089

https://access.redhat.com/errata/RHSA-2026:25041

https://access.redhat.com/errata/RHSA-2026:24977

https://access.redhat.com/errata/RHSA-2026:24853

https://access.redhat.com/errata/RHSA-2026:24539

https://access.redhat.com/errata/RHSA-2026:24536

https://access.redhat.com/errata/RHSA-2026:23361

https://access.redhat.com/errata/RHSA-2026:22840

https://access.redhat.com/errata/RHSA-2026:22629

https://access.redhat.com/errata/RHSA-2026:22619

https://access.redhat.com/errata/RHSA-2026:22465

https://access.redhat.com/errata/RHSA-2026:21772

https://access.redhat.com/errata/RHSA-2026:21338

https://access.redhat.com/errata/RHSA-2026:21017

https://access.redhat.com/errata/RHSA-2026:20938

https://access.redhat.com/errata/RHSA-2026:20889

https://access.redhat.com/errata/RHSA-2026:19375

https://access.redhat.com/errata/RHSA-2026:19109

https://access.redhat.com/errata/RHSA-2026:17699

https://access.redhat.com/errata/RHSA-2026:17657

https://access.redhat.com/errata/RHSA-2026:17474

https://access.redhat.com/errata/RHSA-2026:17468

https://access.redhat.com/errata/RHSA-2026:16874

https://access.redhat.com/errata/RHSA-2026:16542

https://access.redhat.com/errata/RHSA-2026:16535

https://access.redhat.com/errata/RHSA-2026:16534

https://access.redhat.com/errata/RHSA-2026:16532

https://access.redhat.com/errata/RHSA-2026:16476

https://access.redhat.com/errata/RHSA-2026:14937

Details

Source: Mitre, NVD

Published: 2026-04-24

Updated: 2026-07-01

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 10

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00027