CVE-2026-42043 — HIGH (7.2)

Q: How severe is CVE-2026-42043?

CVE-2026-42043 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-42043?

Check the references section above for vendor advisories and patch information. Affected products include: Axios Axios.

Vulnerability Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Axios	Axios	< 0.31.1

Related Weaknesses (CWE)

CWE-441 CWE-918 CWE-183

References

https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7ExploitMitigationVendor Advisory
https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7ExploitMitigationVendor Advisory

FAQ

What is CVE-2026-42043?

CVE-2026-42043 is a vulnerability with a CVSS score of 7.2 (HIGH). Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 ra...

How severe is CVE-2026-42043?

CVE-2026-42043 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-42043?

Check the references section above for vendor advisories and patch information. Affected products include: Axios Axios.