Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Root.io Axios Data Exposure in Root npm Package
ROOT-APP-NPM-CVE-2026-25639
Summary
A security patch has been released for a vulnerability in the Root.io Axios package on Root npm. This issue allows unauthorized access to sensitive data. Update to the latest version to protect your applications.
What to do
- Update rootio @rootio/axios to version 1.12.0-root.io.2.
- Update rootio @rootio/axios to version 1.7.9-root.io.6.
- Update rootio @rootio/axios to version 1.11.0-root.io.7.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/axios |
< 1.12.0-root.io.2 < 1.7.9-root.io.6 < 1.11.0-root.io.7 Fix: upgrade to 1.12.0-root.io.2
|
Original title
CVE-2026-25639 in @rootio/axios - Patched by Root
Original description
Root has patched CVE-2026-25639 in the @rootio/axios package for Root:npm. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 10 Apr 2026