Summary
Workarounds
If users cannot upgrade immediately, they can force a safe axios resolution after installing the CLI:
npm install -g [email protected] --force
Alternatively, if users are building a Docker image or using a lockfile, they should ensure their resolved axios version is not 1.14.1 or 0.30.4:
npm ls axios
Block egress traffic to sfrclak[.]com and 142.11.206.73 at the network level to prevent the RAT from reaching its command-and-control server.
Resources
- Upstream axios issue: https://github.com/axios/axios/issues/10604
- StepSecurity analysis: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
- Socket analysis: https://socket.dev/blog/axios-npm-package-compromised
- Snyk advisory (axios): https://security.snyk.io/vuln/SNYK-JS-AXIOS-15850650
- Snyk advisory (plain-crypto-js): https://security.snyk.io/vuln/SNYK-JS-PLAINCRYPTOJS-15850652
- The Hacker News coverage: https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
Impact
A supply chain attack on the axios npm package (versions 1.14.1 and 0.30.4) introduced a malicious transitive dependency ([email protected]) that deploys a cross-platform remote access trojan (RAT) on macOS, Windows, and Linux. The attacker compromised the primary axios maintainer's npm account to publish the malicious versions.
The malicious versions were live on npm for approximately 3 hours (00:21 UTC to 03:29 UTC on March 31, 2026) before being removed.
The @lightdash/cli package specified axios as a dependency with a semver range (^1.12.0) that permitted resolution to the compromised version. Any user who performed a fresh install of @lightdash/cli versions >= 0.1800.0, < 0.2695.1 (without a pre-existing lockfile) during this window may have installed the malicious axios version.
If compromised, the RAT establishes a connection to a command-and-control server (sfrclak[.]com / 142.11.206.73:8000) and provides the attacker with shell access, file system enumeration, and the ability to execute arbitrary commands. All credentials, secrets, and tokens accessible from the affected machine should be considered compromised.
Lightdash Cloud is not affected.
GHSA-3HFP-GQGH-XC5G has a CVSS score of 9.6 (Critical). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.2695.1); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
This has been patched in @lightdash/[email protected]. The fix pins axios to a known safe version (1.14.0).
Users should upgrade immediately:
npm install -g @lightdash/[email protected]
If users had installed the compromised version, they should check for RAT artifacts before and after upgrading:
- macOS:
/Library/Caches/com.apple.act.mond - Windows:
%PROGRAMDATA%\wt.exe - Linux:
/tmp/ld.py
If any artifacts are found, assume full compromise of that machine and rotate all accessible credentials (warehouse credentials, API tokens, SSH keys, cloud provider credentials, environment variables).
Frequently Asked Questions
- What is GHSA-3HFP-GQGH-XC5G? GHSA-3HFP-GQGH-XC5G is a critical-severity security vulnerability in @lightdash/cli (npm), affecting versions >= 0.1800.0, < 0.2695.1. It is fixed in 0.2695.1.
- How severe is GHSA-3HFP-GQGH-XC5G? GHSA-3HFP-GQGH-XC5G has a CVSS score of 9.6 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of @lightdash/cli are affected by GHSA-3HFP-GQGH-XC5G? @lightdash/cli (npm) versions >= 0.1800.0, < 0.2695.1 is affected.
- Is there a fix for GHSA-3HFP-GQGH-XC5G? Yes. GHSA-3HFP-GQGH-XC5G is fixed in 0.2695.1. Upgrade to this version or later.
- Is GHSA-3HFP-GQGH-XC5G exploitable, and should I be worried? Whether GHSA-3HFP-GQGH-XC5G is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether GHSA-3HFP-GQGH-XC5G is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-3HFP-GQGH-XC5G? Upgrade
@lightdash/clito 0.2695.1 or later.