Back to search
CVE-2026-42039
Published: Apr 24, 2026
Modified: Apr 24, 2026
PUBLISHED
Description
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.
| Vendor | Product | Versions |
|---|---|---|
axios | axios | affected >= 1.0.0, < 1.15.1affected < 0.31.1 |
Weaknesses (CWE)
References
https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now