CVE-2026-44486 in the Axios npm library causes Proxy-Authorization headers to be forwarded to redirect destinations when proxy configuration changes state mid-request, exposing proxy credentials to unintended third-party servers. Specific affected versions have not been confirmed in NVD at time of publication; organizations using Axios for proxied HTTP requests in Node.js applications should audit for exposure and prepare to patch when a confirmed fix is released.