Axios npm Package Compromised Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-26-126 Final 1 1 2026-04-14T00:00:00 Current version 2026-04-14T00:00:00 2026-04-14T00:00:00 On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - axios@1.14.1 and axios@0.30.4 - which introduced a hidden dependency (plain-crypto-js@4.2.1) able to execute a post‑install script deploying a cross‑platform Remote Access Trojan (RAT) on Windows, macOS, and Linux systems. None Execute unauthorized code or commands None https://fortiguard.fortinet.com/psirt/FG-IR-26-126 Axios npm Package Compromised https://github.com/axios/axios/issues/10636 https://github.com/axios/axios/issues/10636 https://fortiguard.fortinet.com/psirt/FG-IR-26-126 Axios npm Package Compromised Reference> https://github.com/axios/axios/issues/10636 https://github.com/axios/axios/issues/10636