Founding member access recorded.

Checkout cancelled.

Finding · openhands

Security: Fix CVE-2026-44492 via axios upgrade to 1.16.0

What Changed

Updated axios dependency from 1.15.2 to 1.16.0 in frontend package to address CVE-2026-44492 security vulnerability.

Operator Implication

Operators must deploy this security patch to mitigate CVE-2026-44492 exposure in frontend HTTP client. Recommend applying at next maintenance window.

Receipt

Commit 73d1d9a (2026-06-03T18:24:51Z): 'Fix CVE-2026-44492: Update axios to 1.16.0 (#14627)' - HTTP client library vulnerability remediation in package.json and

Finding metadata

Confidence: high
Actionability: test
Accessibility impact: none

Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0

Finding ID: 2026-06-03-openhands-cve-2026-44492-axios

Accepted signals

Upgrade frontend deps (axios 1.16.0, dompurify 3.4.0) to close CVE-2026-44492 and CVE-2026-41238 · 2026-06-03

Profile citations

OpenHands · claim · frontend-cve-cluster-and-acp-secrets

Source links

Primary links, including exact changelog lines when available.

OpenHands
commitCommit 73d1d9a (2026-06-03T18:24:51Z): 'Fix CVE-2026-44492: Update axios to 1.16.0 (#14627)' - HTTP client library vulnerability remediation in package.json and package-lock.jsongithub.com/OpenHands/OpenHands/commit/73d1d9a

Versioned source: run artifact