Bruno CLI Compromised via Axios RAT (CVE-2026-34841)
CVE-2026-34841
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidd...
Overview
The Bruno open-source API IDE was impacted by a critical supply chain attack via its command-line interface (CLI). The @usebruno/cli package depended on a malicious version of the popular axios HTTP client library, which was uploaded to the npm registry. Installing this compromised dependency automatically deployed a cross-platform Remote Access Trojan (RAT) onto the developer’s system.
Vulnerability Details
This was not a traditional software flaw but a direct compromise of a trusted package. The attack occurred during a window of roughly three hours on March 31, 2026. Users who executed npm install for the Bruno CLI between approximately 00:21 UTC and 03:30 UTC would have fetched the malicious axios package, provided the install resolved axios fresh from the registry; an install driven by a lockfile that already pinned an earlier axios version would not have pulled it. The malicious package contained a hidden dependency that installed a RAT capable of granting an attacker persistent, remote control over the infected machine.
Impact
The impact is severe and immediate. A successful compromise grants an attacker the same level of access as the user running the CLI. The RAT can exfiltrate sensitive data (including API keys, secrets, and source code), provide a backdoor into the developer’s network, and allow for lateral movement to other systems. This poses a direct risk not only to the developer’s workstation but also to any services, databases, or internal systems it can access.
Remediation and Mitigation
The primary and mandatory action is to upgrade the Bruno CLI to version 3.2.1 or later, which uses a verified, clean version of axios.
Immediate Actions:
- Upgrade: Run `npm update -g @usebruno/cli` to ensure you have version 3.2.1+.
- Investigate: If you ran `npm install` during the specified window, assume compromise. Upgrading the CLI replaces the package but does not remove a RAT that has already been installed, so conduct a thorough forensic investigation of the affected system: look for unknown processes, network connections, and file modifications.
- Rotate Credentials: Immediately rotate all API keys, passwords, and secrets that were stored on or accessible from the potentially infected machine.
- Scan: Run a full anti-malware and endpoint detection scan.
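The version check and first-pass triage described above, as an added shell example that is not part of the Bruno project or of this advisory. It assumes npm is on PATH, GNU find (for -newermt) and ss or netstat; the JSON sample it parses offline is constructed with placeholder versions, and the only real values in it are the fixed CLI version and the window timestamps given in this advisory.

```shell
#!/bin/sh
# Added example, not code from the Bruno project or the advisory. Post-incident triage for
# CVE-2026-34841: confirm the installed @usebruno/cli is at or above the fixed version, list the
# axios copies actually resolved on this machine, and surface activity inside the advisory window.
# Assumes: npm on PATH, GNU find (for -newermt), and ss or netstat. Run the live checks with:
#   sh bruno-triage.sh run
FIXED_VERSION='3.2.1'
WINDOW_START='2026-03-31 00:21:00 UTC'
WINDOW_END='2026-03-31 03:30:00 UTC'

# version_ge A B: succeed when dotted numeric version A >= B. A leading "v" and any
# pre-release/build suffix are dropped (3.2.1-rc.1 compares as 3.2.1); ".0.0" is appended
# so every field exists for cut.
version_ge() {
  a="$(printf '%s' "${1#v}" | sed 's/[-+].*//').0.0"
  b="$(printf '%s' "${2#v}" | sed 's/[-+].*//').0.0"
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# pkg_versions NAME: read `npm ls --json` output on stdin and print the version of every
# instance of NAME in the tree, one per line. Newlines are removed first so the pretty-printed
# JSON npm emits can be matched line-free; no jq dependency.
pkg_versions() {
  tr -d '\n' \
    | grep -oE "\"$1\": *[{][^{}]*\"version\": *\"[^\"]*\"" \
    | sed -E 's/.*"version": *"([^"]*)"/\1/'
}

# Constructed sample of `npm ls -g @usebruno/cli --json` output (placeholder axios version,
# not the real clean or malicious one), used to exercise the parser offline.
SAMPLE_JSON='{
  "dependencies": {
    "@usebruno/cli": {
      "version": "3.2.1",
      "overridden": false,
      "dependencies": {
        "axios": { "version": "1.0.0-sample", "overridden": false }
      }
    }
  }
}'

sample_cli_version() { printf '%s' "$SAMPLE_JSON" | pkg_versions '@usebruno/cli'; }
sample_axios_version() { printf '%s' "$SAMPLE_JSON" | pkg_versions axios; }

run_checks() {
  echo "== @usebruno/cli =="
  cli_ver=$(npm ls -g @usebruno/cli --depth=0 --json 2>/dev/null | pkg_versions '@usebruno/cli' | head -n 1)
  if [ -z "$cli_ver" ]; then
    echo "@usebruno/cli is not installed globally"
  elif version_ge "$cli_ver" "$FIXED_VERSION"; then
    echo "installed $cli_ver: at or above fixed version $FIXED_VERSION"
  else
    echo "installed $cli_ver: BELOW $FIXED_VERSION, run: npm update -g @usebruno/cli"
  fi

  echo "== axios versions resolved under the global prefix (compare with the advisory) =="
  npm ls -g axios --json 2>/dev/null | pkg_versions axios | sort -u

  echo "== files written to the npm cache or global root during the window (UTC) =="
  # A cache entry dated inside the window shows a download happened then. Extracted package
  # files do not keep reliable mtimes, so treat this as a starting point, not proof either way.
  find "$HOME/.npm" "$(npm root -g 2>/dev/null)" -type f \
    -newermt "$WINDOW_START" ! -newermt "$WINDOW_END" 2>/dev/null || true

  echo "== established TCP connections and their owning processes =="
  ss -tnp state established 2>/dev/null || netstat -an 2>/dev/null | grep -i established || true
}

case "${1:-}" in run) run_checks ;; esac
```

The live checks only run when the script is given the `run` argument, so the parsing and comparison helpers can be sourced and reused elsewhere. Compare the axios versions it lists against the ones named in the advisory; the script deliberately does not hard-code them.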
For broader context on supply chain risks in developer tools, see our coverage of similar issues in AI frameworks: LangChain, LangGraph Flaws Expose Files, Secrets, Databases.
Security Insight
This incident mirrors the 2021 Codecov breach, where a compromised script in a CI/CD tool led to widespread credential theft. It highlights the escalating trend of attackers targeting niche but critical developer tools to gain a foothold in software supply chains. The extremely short, targeted attack window suggests a sophisticated actor aiming for high-value victims rather than broad, noisy distribution.