Axios vulnerability in Policy Manager Webreporting

Update timeline

1. investigating Apr 14, 2026, 02:35 PM UTC

   We have identified that WithSecure Policy Manager (PM) includes a version of the Axios library within the web reporting component that is currently flagged as vulnerable. Based on our assessment, the associated risk is low. As a precautionary measure, we recommend the following: Reviewing the current firewall and network configuration to ensure that the Policy Manager webreporting interface is not accessible from external networks Ensuring restricted access to this component significantly reduces any potential exposure. We are investigating on a fix for the issue.

2. resolved Apr 16, 2026, 02:17 PM UTC

   We have created a hotfix for this issue. We advise all our Business Suite partners and customers to apply this hotfix at the earliest opportunity. The risk can further be mitigated by ensuring that Policy Manager’s Web Reporting interface is not accessible from the internet. This can be done with external firewall configurations. The hotfix can be downloaded from the WithSecure Download Center: https://support.withsecure.com/en/support/download For more information on the Axios vulnerability (CVE-2026-40175) and WithSecure's response, please visit https://community.withsecure.com/announcements-en/kb/articles/32898-cve-2026-40175-for-axios-javascript-library