Axios NPM Supply Chain Compromise (March 2026) (4382681)

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Axios NPM Supply Chain Compromise (March 2026)
Description

In March 2026, a software supply chain compromise was identified involving the widely used Axios JavaScript HTTP client published on the Node Package Manager (NPM) registry. Attackers gained unauthorized access to the Axios maintainer’s NPM publishing credentials and released malicious versions of the Axios package that delivered a cross-platform Remote Access Trojan (RAT) during installation.

Axios is one of the most commonly used JavaScript libraries for making HTTP requests and is embedded in web applications, backend services, CI/CD pipelines, and developer workstations across many industries. Due to its popularity and transitive use as a dependency, this compromise had the potential for broad downstream impact.

The issue is not a vulnerability in Axios source code itself and no CVE has been assigned. Instead, it is a release-path compromise, where trusted package distribution was abused to deliver malware.

One Identity has conducted a review to determine if we have any impact to our products. At this time no One Identity Software is impacted by this issue.

Resolution

A list of products checked and verified to ensure there is no downstream impact of the Axios NPM Supply Chain Compromise by One Identity.

NOTE: We will continue to monitor this evolving situation and enhance our toolset if deemed necessary.

Product Name	Impact
Identity Manager	Not Impacted
Identity Manager On Demand	Not Impacted
Password Manager	Not Impacted
syslog-ng PE	Not Impacted
syslog-ng Store Box	Not Impacted
Defender	Not Impacted
OneLogin	Not Impacted
Active Roles	Not Impacted
PAM Essentials	Not Impacted
Privilege Manager for Unix	Not Impacted
Safeguard Privilege Manager for Windows	Not Impacted
Safeguard Authentication Services	Not Impacted
Safeguard for Sudo	Not Impacted
Safeguard On Demand	Not Impacted
Safeguard for Privileged Passwords	Not Impacted
Safeguard for Privileged Sessions	Not Impacted
Safeguard Remote Access	Not Impacted
Starling Connect	Not Impacted
TPAM	Not Impacted

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Leave a Comment

Recommended Content

Product(s):: PAM Essentials
Hosted; Identity Manager
10.0 LTS, 9.3.1, 9.3, 9.2.2, 9.2.1, 9.1.3, 9.0 LTS; Identity Manager Data Governance Edition
10.0 LTS, 9.3.1, 9.2.2, 9.2.1, 9.1.3, 9.0 LTS, 8.2.1, 8.1.5, 8.1.4, 8.1.3, 8.1.2, 8.0.5; OneLogin
Hosted; One Identity Safeguard for Privileged Passwords
8.2.1, 8.2, 8.1, 8.0.2 LTS, 8.0.1 LTS, 8.0 LTS, 7.0.5.1 LTS, 7.0.5 LTS, 7.4.2, 7.0.4.2 LTS, 7.0.4.1 LTS, 7.0.4 LTS, 7.0.3.1 LTS, 7.0.3 LTS, 7.0.2 LTS, 7.0.1 LTS, 7.0 LTS, 6.14, 6.0.13 LTS, 6.0.12 LTS, 6.0.7 LTS, 6.7.3, 6.7.2, 6.7.1, 6.7; One Identity Safeguard for Privileged Sessions
8.2, 8.1.1, 8.1, 8.0.2 LTS, 8.0.1.1 LTS, 8.0.1 LTS, 8.0 LTS, 7.0.5.1 LTS, 7.0.5 LTS, 7.0.4 LTS, 7.0.3.1 LTS, 7.0.3 LTS, 7.0.2.1 LTS, 7.0.2 LTS, 7.0.1.1 LTS, 7.0.1 LTS, 7.0 LTS, 6.14, 6.0.14 LTS, 6.0.13, 6.0.12, 6.0.11, 6.9.5, 6.9.4, 6.9.3, 6.9.2, 6.0.10, 6.0.9, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0 LTS; Password Manager
5.16, 5.15.1, 5.15, 5.14.5, 5.14.4, 5.14.3, 5.14.2, 5.14.1, 5.13.4, 5.14, 5.13.3, 5.13.2, 5.13.1, 5.12.3, 5.12.2, 5.12.1, 5.11.3, 5.11.2, 5.11.1, 5.10.1; Privilege Manager for Unix
7.5, 7.4, 7.3, 7.2.3; Safeguard Authentication Services
7.0, 6.2, 6.1, 6.0.5 LTS, 6.0.4 LTS, 6.0.3 LTS, 6.0.2 LTS, 6.0.1, 6.0 LTS, 5.1.1, 5.1; Safeguard Privilege Manager for Windows
4.10, 4.9, 4.8, 4.7.1, 4.6.1, 4.5.3, 4.7, 4.6, 4.5, 4.4.0.3, 4.4.0.2, 4.4.0.0; Safeguard for Sudo
7.5, 7.4, 7.3, 7.2.3; syslog-ng Premium Edition
8.1.0, 8.0.1, 8.0, 7.0.34, 7.0.33, 7.0.32, 7.0.29, 7.0.28, 7.0.27, 7.0.26, 7.0.20, 6.0.24, 6.0.23, 6.0.22, 6.0.21; syslog-ng Store Box
7.7.0, 7.6.0, 7.5.0, 7.4.0, 7.3.0, 7.2.0, 7.1.0, 7.0.4 LTS, 7.0.3 LTS, 7.0.2 LTS, 7.0.1 LTS, 7.0 LTS, 6.0.5, 6.10.0, 6.9.0, 6.8.0; TPAM
2.5.923, 2.5.919; Safeguard Remote Access
Hosted; Safeguard for Privileged Passwords On Demand
Hosted; Safeguard for Privileged Sessions On Demand
Hosted; Starling Cloud Assistant
Hosted; Starling Connect
Active Roles Integrated, Identity Manager Integrated, Hosted; Identity Manager On Demand - Starling Edition
Hosted

Topic(s):: Technical Solutions

Article History:: Created on: 4/2/2026
Last Update on: 4/9/2026

Search All Articles

© 2026 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center