Embedded malicious code (backdoor) in axios - #VU124720
Published: March 31, 2026
axios
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application. Attacker compromised axios repository and introduced a new dependency plain-crypto-js.