Root has patched CVE-2026-44490 in the @rootio/axios package for Root:npm. Multiple fixed versions available.
{
"distro": "npm",
"source": "Root",
"severity": "HIGH",
"distro_version": ""
}"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44490.json"
true
"0.21.1-root.io.2"
[
"1.15.0-root.io.9",
"1.15.0-root.io.10",
"1.15.0-root.io.11",
"1.15.0-root.io.12",
"1.12.1-root.io.20",
"0.21.4-root.io.8",
"0.27.2-root.io.10",
"1.13.5-root.io.13",
"1.14.0-root.io.8",
"1.13.4-root.io.7",
"1.8.4-root.io.10",
"1.14.0-root.io.9",
"1.2.1-root.io.1",
"1.2.1-root.io.2",
"1.2.1-root.io.3",
"0.31.1-root.io.1",
"1.14.0-root.io.10",
"1.13.6-root.io.5",
"1.15.2-root.io.2",
"1.12.0-root.io.11",
"1.13.2-root.io.10",
"0.21.1-root.io.2"
]
""
22.0
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44490.json"
[
"1.15.0-aikido.9",
"1.15.0-aikido.10",
"1.15.0-aikido.11",
"1.15.0-aikido.12",
"1.12.1-aikido.20",
"0.21.4-aikido.8",
"0.27.2-aikido.10",
"1.13.5-aikido.13",
"1.14.0-aikido.8",
"1.13.4-aikido.7",
"1.8.4-aikido.10",
"1.14.0-aikido.9",
"1.2.1-aikido.1",
"1.2.1-aikido.2",
"1.2.1-aikido.3",
"0.31.1-aikido.1",
"1.14.0-aikido.10",
"1.13.6-aikido.5",
"1.15.2-aikido.2",
"1.12.0-aikido.11",
"1.13.2-aikido.10",
"0.21.1-aikido.2"
]
"0.21.1-aikido.2"
true
""
22.0