Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0.
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44487.json
https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v
https://bugzilla.redhat.com/show_bug.cgi?id=2487948
https://access.redhat.com/security/cve/CVE-2026-44487
https://access.redhat.com/errata/RHSA-2026:34530
https://access.redhat.com/errata/RHSA-2026:34527
https://access.redhat.com/errata/RHSA-2026:34525
https://access.redhat.com/errata/RHSA-2026:34374
https://access.redhat.com/errata/RHSA-2026:33574
https://access.redhat.com/errata/RHSA-2026:33183
https://access.redhat.com/errata/RHSA-2026:33173
https://access.redhat.com/errata/RHSA-2026:33163
https://access.redhat.com/errata/RHSA-2026:33160
https://access.redhat.com/errata/RHSA-2026:33155
https://access.redhat.com/errata/RHSA-2026:30651
https://access.redhat.com/errata/RHSA-2026:30650
https://access.redhat.com/errata/RHSA-2026:29864
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:29082
https://access.redhat.com/errata/RHSA-2026:28964
https://access.redhat.com/errata/RHSA-2026:27063
https://access.redhat.com/errata/RHSA-2026:27044
https://access.redhat.com/errata/RHSA-2026:26234
Published: 2026-06-11
Updated: 2026-07-02
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Severity: High
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: High
Base Score: 8.2
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Severity: High
EPSS: 0.00042