Insertion of Sensitive Information Into Sent Data

CVE-2026-44487

High

8.2/10

Summary

Axios's Node.js versions prior to `0.32.0` on the `0.x` line and versions prior to `1.16.0` on the `1.x`, HTTP adapter may forward a `Proxy-Authorization` header to a redirected origin during specific proxy-to-direct redirect flows.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-201 - Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

Advisory

Advisory Timeline

Published Jun 11, 2026

Insertion of Sensitive Information Into Sent Data

CVE-2026-44487

Summary

CWE-201 - Insertion of Sensitive Information Into Sent Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS