CVE-2026-42043 - Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
CVE ID :CVE-2026-42043 Published : April 24, 2026, 6:16 p.m. | 1 hour, 41 minutes ago Description :Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] In 1965 screens got 1.2 hours a day. Now they get 7. The interface did that.
- [CYBER] potential crucial vulnerability?
- [CYBER] Firestarter malware survives Cisco firewall updates, security patches
- [CYBER] CVE-2026-42171 - NSIS Privilege Escalation Vulnerability
- [CYBER] CVE-2026-41488 - angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
- [CYBER] CVE-2026-41481 - LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass