CVE-2026-42038 | Axios up to 0.31.0/1.15.0 Normalization shouldBypassProxy server-side request forgery (GHSA-m7pr-hjqh-92cm)

A vulnerability described as critical has been identified in Axios up to 0.31.0/1.15.0. Impacted is the function shouldBypassProxy of the component Normalization Handler. Executing a manipulation can lead to server-side request forgery.

This vulnerability appears as CVE-2026-42038. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.