Root's axios Library Allows Remote Code Execution
ROOT-APP-NPM-CVE-2026-40175
Summary
The axios library used in some Root applications contains a security flaw that could allow an attacker to run malicious code on your server. This could happen if an attacker injects malicious data into your application. To fix this, update to a patched version of the axios library.
What to do
- Update rootio @rootio/axios to version 1.7.9-root.io.6.
- Update rootio @rootio/axios to version 1.11.0-root.io.7.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/axios | < 1.7.9-root.io.6, < 1.11.0-root.io.7 (Fix: upgrade to 1.7.9-root.io.6) |
Original title
CVE-2026-40175 in @rootio/axios - Patched by Root
Original description
Root has patched CVE-2026-40175 in the @rootio/axios package for Root:npm. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026