4641 matches found
CVE-2026-39865
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865 Axios HTTP/2 Session Cleanup State Corruption Vulnerability
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865
Axios HTTP/2 session cleanup state corruption in Http2Sessions.getSession() (lib/adapters/http.js) is fixed in 1.13.2. Prior to 1.13.2, the cleanup logic could corrupt state when removing sessions from the sessions array, allowing a malicious server to crash the client process via concurrent sess...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios itself, based on Promise a solution for asynchronous programming. Versions of Axios prior to 1.13.2 contain security vulnerabilities; these vulnerabilities stem from state corruption and could potentially lead to process crashes...
PT-2026-31322
Name of the Vulnerable Software and Affected Versions Axios versions prior to 1.13.2 Description A flaw exists in the Axios HTTP/2 session cleanup logic, allowing a malicious server to crash the client process through concurrent session closures. The issue resides in the Http2Sessions.getSession...
Linux Distros Unpatched Vulnerability : CVE-2026-39865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a...
CVE-2026-34841
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
CVE-2026-34841
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
Security Bulletin: IBM OpenAPI SDK Generator (Node.js) is affected by the Axios supply chain attack
Summary Due to an Axios supply chain attack, a fix for IBM Node.js SDK Core https://github.com/IBM/node-sdk-core was made available on April 2, 2026 21:03 UTC to mitigate the attack. If you used a previous version there is a possibility the affected Axios package could have been available on your...
CVE-2026-34841 Axios npm Supply Chain Incident Impacting @usebruno/cli
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
CVE-2026-34841 Axios npm Supply Chain Incident Impacting @usebruno/cli
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
EUVD-2026-19354
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
CVE-2026-34841
Bruno (open source IDE for APIs) was affected by a supply-chain incident prior to version 3.2.1 involving compromised axios releases that introduced a hidden dependency deploying a cross‑platform Remote Access Trojan (RAT). The affected window was npm install between 00:21 UTC and ~03:30 UTC on 3...
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig...
Bruno 安全漏洞
Bruno is an open-source IDE developed by usebruno, designed for exploring and testing APIs. Versions of Bruno prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by a supply chain attack involving a tampered axios npm package, which could potentially deploy...
Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...
Axios NPM supply chain incident
Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios node package manager npm package during which two malicious versions v1.14.1 and v0.30.4 were deployed. Axios is one of the more popular JavaScript libraries with as many as 100 million downloads pe...
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering effor...