Root has patched CVE-2026-44487 in the @rootio/axios package for Root:npm. Multiple fixed versions available.
{
"distro": "npm",
"source": "Root",
"distro_version": "",
"severity": "HIGH"
}[
"1.8.4-root.io.8",
"1.13.4-root.io.4",
"1.13.2-root.io.8",
"1.8.4-root.io.9",
"0.21.4-root.io.5",
"0.27.2-root.io.7",
"1.12.0-root.io.10",
"0.21.4-root.io.7",
"1.13.4-root.io.5",
"1.15.0-root.io.12",
"1.12.1-root.io.19",
"1.13.5-root.io.11",
"1.13.2-root.io.9",
"0.27.2-root.io.8",
"0.27.2-root.io.9",
"1.13.4-root.io.6",
"0.21.4-root.io.6",
"1.12.1-root.io.20",
"0.21.4-root.io.8",
"0.27.2-root.io.10",
"1.13.4-root.io.7",
"1.8.4-root.io.10",
"1.2.1-root.io.3",
"0.31.1-root.io.1",
"1.14.0-root.io.10",
"1.8.3-root.io.3",
"1.8.3-root.io.4",
"1.13.6-root.io.5",
"1.15.2-root.io.2",
"1.8.3-root.io.5",
"1.8.3-root.io.6",
"1.12.0-root.io.11",
"1.13.2-root.io.10",
"0.21.1-root.io.1",
"0.21.1-root.io.2",
"0.21.1-root.io.3"
]
""
36.0
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44487.json"
"0.21.1-root.io.3"
true
[
"1.8.4-aikido.8",
"1.13.4-aikido.4",
"1.13.2-aikido.8",
"1.8.4-aikido.9",
"0.21.4-aikido.5",
"0.27.2-aikido.7",
"1.12.0-aikido.10",
"0.21.4-aikido.7",
"1.13.4-aikido.5",
"1.15.0-aikido.12",
"1.12.1-aikido.19",
"1.13.5-aikido.11",
"1.13.2-aikido.9",
"0.27.2-aikido.8",
"0.27.2-aikido.9",
"1.13.4-aikido.6",
"0.21.4-aikido.6",
"1.12.1-aikido.20",
"0.21.4-aikido.8",
"0.27.2-aikido.10",
"1.13.4-aikido.7",
"1.8.4-aikido.10",
"1.2.1-aikido.3",
"0.31.1-aikido.1",
"1.14.0-aikido.10",
"1.8.3-aikido.3",
"1.8.3-aikido.4",
"1.13.6-aikido.5",
"1.15.2-aikido.2",
"1.8.3-aikido.5",
"1.8.3-aikido.6",
"1.12.0-aikido.11",
"1.13.2-aikido.10",
"0.21.1-aikido.1",
"0.21.1-aikido.2",
"0.21.1-aikido.3"
]
""
36.0
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44487.json"
"0.21.1-aikido.3"
true