UBUNTU-CVE-2026-42043

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-42043

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42043.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-42043

Upstream

CVE-2026-42043

Published

2026-04-24T18:16:00Z

Modified

2026-05-20T16:12:59.828253362Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1.

References

Affected packages

Ubuntu:20.04:LTS / node-axios

Package

Name: node-axios
Purl: pkg:deb/ubuntu/node-axios?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.19.0+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-axios",
            "binary_version": "0.19.0+dfsg-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42043.json"

Ubuntu:22.04:LTS / node-axios

Package

Name: node-axios
Purl: pkg:deb/ubuntu/node-axios?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.21.1+dfsg-1

0.23.0+dfsg-2

0.24.0+dfsg-1

0.25.0+dfsg-2

0.26.0+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-axios",
            "binary_version": "0.26.0+dfsg-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42043.json"

Ubuntu:24.04:LTS / node-axios

Package

Name: node-axios
Purl: pkg:deb/ubuntu/node-axios?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.1+dfsg-1

1.5.1+dfsg-1

1.6.2+dfsg-1

1.6.8+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-axios",
            "binary_version": "1.6.8+dfsg-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42043.json"

Ubuntu:25.10 / node-axios

Package

Name: node-axios
Purl: pkg:deb/ubuntu/node-axios?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.9+dfsg-1

1.8.4+dfsg-1

1.11.0+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-axios",
            "binary_version": "1.11.0+dfsg-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42043.json"

Ubuntu:26.04:LTS / node-axios

Package

Name: node-axios
Purl: pkg:deb/ubuntu/node-axios?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11.0+dfsg-1

1.12.1+dfsg-1

1.13.2+dfsg-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-axios",
            "binary_version": "1.13.2+dfsg-1build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42043.json"