CVE-2026-40175
Prototype Pollution in Axios <1.15.0 Enables Remote Code Execution

Publication date: 2026-04-10

Last updated on: 2026-04-21

Assigner: GitHub, Inc.

Description
Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.
Meta Information
Published: 2026-04-10
Last Modified: 2026-04-21
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
External records: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor   Product   Version / Range
axios    axios     < 1.15.0 (1.15.0 excluded)
CWE ID    Description
CWE-918   Server-Side Request Forgery (SSRF): The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CWE-444   HTTP Request/Response Smuggling: The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
CWE-113   HTTP Response Splitting: The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-40175 is a critical vulnerability in the Axios HTTP client library that allows attackers to exploit a header injection chain to perform cloud metadata exfiltration. The root cause is that Axios, prior to version 1.15.0, does not properly validate or sanitize HTTP header values, allowing malicious carriage return and line feed (CRLF) characters to be injected into headers.

This vulnerability leverages Prototype Pollution in third-party dependencies to inject malicious header values containing CRLF sequences. These sequences enable HTTP request smuggling and header splitting, which can be used to bypass protections like AWS IMDSv2, leading to unauthorized access to cloud instance metadata and credentials.

The vulnerability was fixed by introducing strict validation and normalization of HTTP header values in Axios, rejecting any headers containing CR or LF characters to prevent injection attacks.


How can this vulnerability impact me?

This vulnerability can have severe impacts including remote code execution (RCE) and full cloud account compromise. Attackers can bypass AWS IMDSv2 protections to retrieve session tokens and steal IAM credentials.

  • Allows injection of arbitrary HTTP headers such as Cookie or Authorization headers, enabling attackers to pivot into internal administrative panels.
  • Enables poisoning of caches by injecting Host headers, potentially disrupting or manipulating web traffic.
  • Exploits Server-Side Request Forgery (SSRF) capabilities in Axios to perform unauthorized requests within internal networks.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for HTTP requests containing suspicious header values with carriage return (\r) and line feed (\n) characters, which are indicators of header injection attempts.

Since the vulnerability exploits Prototype Pollution to inject malicious headers, detection can include inspecting HTTP traffic for unusual or malformed headers, especially those that contain CRLF sequences or attempt to access cloud metadata endpoints like AWS IMDS.

Suggested commands to detect such attempts on a network or system include using packet capture and inspection tools such as tcpdump or Wireshark to filter HTTP headers for CRLF characters or suspicious header names.

  • Using tcpdump to capture HTTP traffic and filter for suspicious headers: tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep -P '\r|\n'
  • Using Wireshark to inspect HTTP headers for injection patterns or unusual multi-line headers.
  • Searching application logs for errors related to header validation failures or exceptions thrown by Axios when invalid header values are detected.

Additionally, reviewing dependency versions in your projects to identify if Axios versions prior to 1.15.0 are in use can help detect vulnerable instances.


What immediate steps should I take to mitigate this vulnerability?

The primary immediate mitigation step is to upgrade the Axios library to version 1.15.0 or later, where this vulnerability has been fixed by enforcing strict validation and normalization of HTTP header values.

This fix prevents header injection by rejecting any header values containing carriage return (\r) or line feed (\n) characters, thereby blocking the attack vector.

If upgrading immediately is not possible, as a temporary measure, you should audit and sanitize all HTTP headers set in your application to ensure they do not contain CRLF characters.

Additionally, review and update any third-party dependencies that might be vulnerable to Prototype Pollution, as this vulnerability leverages such pollution to inject malicious headers.

Implement monitoring and alerting for suspicious HTTP header patterns and errors related to header validation failures.
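An added example (not Axios's or this page's own code) of the pre-send header audit that the mitigation above calls for, written against plain header objects; the function names are hypothetical. It mirrors the fix described in the advisory (reject any CR or LF in a header value) and additionally walks inherited keys, so a header that arrived through a polluted prototype is reported rather than silently sent.

```javascript
// Added example, not Axios's own code: audit a request's headers before sending,
// mirroring the fix described above (reject any CR or LF in a header value).
// Inherited keys are walked as well, so a value that arrived through a polluted
// prototype is reported instead of silently sent.

const CRLF_RE = /[\r\n]/;

// Enumerate every header, own and inherited. Object.keys() alone would skip an
// inherited entry, which is exactly where prototype pollution hides.
function collectHeaders(headers) {
  const out = [];
  for (const name in headers) {
    const own = Object.prototype.hasOwnProperty.call(headers, name);
    out.push({ name, value: headers[name], own });
  }
  return out;
}

// Return a list of findings; an empty list means the header set is safe to send.
function auditHeaders(headers) {
  const findings = [];
  for (const { name, value, own } of collectHeaders(headers)) {
    const text = String(value);
    if (CRLF_RE.test(name) || CRLF_RE.test(text)) {
      findings.push({ name, reason: 'CR/LF in header', inherited: !own });
    } else if (!own) {
      findings.push({ name, reason: 'header not set by caller (inherited)', inherited: true });
    }
  }
  return findings;
}

// Gate in front of the HTTP call (for Axios, a request interceptor is the
// natural place): throw with a loggable message instead of sending.
function assertSafeHeaders(headers) {
  const findings = auditHeaders(headers);
  if (findings.length > 0) {
    const detail = findings.map((f) => `${f.name}: ${f.reason}`).join('; ');
    throw new Error(`refusing to send request, unsafe headers: ${detail}`);
  }
  return true;
}

// Constructed sample: a header value carrying a CRLF split and a header that is
// only visible through the prototype chain (stand-in for a polluted prototype).
const SAMPLE = Object.create({ 'x-polluted': 'from-prototype' });
SAMPLE['X-Request-Id'] = 'abc\r\nX-Injected: 1';
console.log(auditHeaders(SAMPLE));
```

The thrown message names each rejected header, which gives the application log the "header validation failure" signal the detection section suggests alerting on.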


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The CVE-2026-40175 vulnerability in Axios allows attackers to perform unrestricted cloud metadata exfiltration and potentially achieve Remote Code Execution or full cloud compromise by exploiting header injection via Prototype Pollution. This can lead to unauthorized access to sensitive cloud instance metadata and credentials.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict protection of personal and sensitive data. The vulnerability could enable attackers to access or manipulate sensitive information, violating confidentiality and integrity requirements mandated by these regulations.

Therefore, organizations using vulnerable versions of Axios prior to 1.15.0 risk non-compliance due to potential data exposure and cloud account compromise stemming from this security flaw.

