Malicious Code Injection via Axios npm Package Maintainer Account Takeover

85% confidence

Description

The Axios npm package was compromised through a maintainer account takeover, resulting in the publication of malicious versions 1.14.1 and 0.30.4. These versions introduced a hidden dependency (plain-crypto-js@4.2.1) that executes a post-install script deploying a cross-platform Remote Access Trojan (RAT) on Windows, macOS, and Linux systems, enabling unauthorized code execution.

Affected Products

Vendor	Product	Versions
axios	axios npm package	1.14.1, 0.30.4

Related News (1 articles)

Tier A

Fortinet PSIRT16h ago

Axios npm Package Compromised

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-254

PublishedApr 14, 2026

Last enriched5h ago

Malicious Code Injection via Axios npm Package Maintainer Account Takeover

Description

Affected Products

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline