Axios npm Package Compromised
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - axios@1.14.1 and axios@0.30.4 - which introduced a hidden dependency (plain-crypto-js@4.2.1) able to execute a post‑install script deploying a cross‑platform Remote Access Trojan (RAT) on Windows, macOS, and Linux systems. Revised on 2026-04-14 00:00:00
CSIRTS triage
- What
- The Axios npm package was compromised, introducing a hidden dependency that can deploy a Remote Access Trojan.
- Who is affected
- Users of the compromised Axios versions.
- Urgency
- Immediate action is required to prevent potential malware installation on affected systems.
- Action
- Remove the compromised versions of Axios and update to a secure version.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Axios
Get an email when a new Axios advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://fortiguard.fortinet.com/psirt/FG-IR-26-126
More from Fortinet FortiGuard PSIRT
- unknownSecond-Order OS Command Injection via JSON Input on start vnc feature2026-06-09
- unknownImproper access control in API endpoints2026-06-09
- unknownRestricted CLI escape using Lua2026-06-09
- unknownLinux Kernel vulnerability Dirty Frag2026-06-03
- unknownLinux Kernel Vulnerability copy.fail - CVE-2026-314312026-05-13