QSearchQSearch

CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js

Published: 2026-06-11 · Last updated: 2026-06-11

Severity and scoring

CWE
CWE-201

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-46481 OpenMetadata is a unified metadata platform (8.3 HIGH)
  • CVE-2026-42539 IRIS is a web collaborative platform that helps incident responders share technical details during investigations (6.5 MEDIUM)
  • CVE-2026-45739 Strawberry GraphQL is a library for creating GraphQL APIs (3.1 LOW)
  • CVE-2026-4035 A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which... (7.7 HIGH)
  • CVE-2026-44653 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (6.5 MEDIUM)