A vulnerability, which was classified as problematic , was found in Axios up to 1.15.x . This affects the function setProxy in the library lib/adapters/http.js . Such manipulation leads to unintended intermediary. This vulnerability is referenced as CVE-2026-44494 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.