Mallory

Critical Axios Flaw Enables Request Smuggling, IMDSv2 Bypass, and Cloud Compromise

Tags: open-source-dependency-vulnerability, proof-of-concept-release, cloud-service-vulnerability, widely-deployed-product-advisory, rapid-weaponization

Updated April 16, 2026 at 12:01 PM (4 sources)


A critical vulnerability in the Axios HTTP client library, tracked as CVE-2026-40175, lets an attacker turn polluted JavaScript object properties into attacker-controlled HTTP headers and abuse the application's own outbound requests for SSRF, request smuggling, and potentially remote code execution. Researchers attributed the flaw to improper header handling in Axios's HTTP adapter combined with unsafe config merging: values planted on Object.prototype, including values containing CRLF sequences, are picked up when request headers are assembled and written into the outbound request. Axios itself need not be where the pollution happens; the flaw chains with prototype pollution in other npm packages, and the resulting injected header or smuggled request can be aimed at internal services such as the AWS EC2 instance metadata endpoint at 169.254.169.254, potentially bypassing IMDSv2 and exposing cloud credentials or broader infrastructure.
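The chain described above, as an added illustration that is not Axios's own code and not the published proof of concept: a hypothetical unsafe recursive merge (standing in for any prototype-pollution sink in the dependency tree) follows the own `__proto__` key that `JSON.parse` produces, plants a CRLF-bearing value on `Object.prototype`, and a header serializer that walks headers with `for...in` then writes that inherited value into the request, where the CRLF closes the header block and starts a second request. The strict serializer shows the two properties a fix needs: own keys only, and rejection of CR, LF or NUL in any name or value. All function names and the attacker JSON are constructed for this example.

```javascript
// Added illustration, not Axios's own code and not the published PoC: how a
// CRLF-bearing value planted on Object.prototype by a prototype-pollution sink
// elsewhere in the dependency tree ends up inside an outbound HTTP request when
// the client serializes headers with for...in, and how strict validation stops
// it. All function names are hypothetical; the attacker JSON is constructed.

// Hypothetical unsafe recursive merge, standing in for any polluted dependency.
// JSON.parse yields an *own* "__proto__" key; this merge follows it into
// Object.prototype instead of treating it as data.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    const isPlainObject = value !== null && typeof value === 'object' && !Array.isArray(value);
    if (isPlainObject) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Naive serializer (hypothetical): for...in also enumerates inherited
// properties, so polluted keys become headers, and no value is checked for CR/LF.
function serializeNaive(method, path, headers) {
  let raw = `${method} ${path} HTTP/1.1\r\n`;
  for (const name in headers) raw += `${name}: ${headers[name]}\r\n`;
  return raw + '\r\n';
}

// Strict serializer (hypothetical): own keys only, and CR, LF or NUL anywhere
// in a name or value is rejected before any bytes reach the socket.
const BAD_HEADER_CHARS = /[\r\n\0]/;
function serializeStrict(method, path, headers) {
  let raw = `${method} ${path} HTTP/1.1\r\n`;
  for (const name of Object.keys(headers)) {
    const value = String(headers[name]);
    if (BAD_HEADER_CHARS.test(name) || BAD_HEADER_CHARS.test(value)) {
      throw new TypeError(`Invalid character in header "${name}"`);
    }
    raw += `${name}: ${value}\r\n`;
  }
  return raw + '\r\n';
}

// Count request lines in the serialized bytes; more than one means a second
// request was smuggled onto the same connection.
function countRequestLines(raw) {
  return raw.split('\r\n').filter((line) => /^[A-Z]+ \S+ HTTP\/1\.1$/.test(line)).length;
}

// Walk the chain end to end and return what each serializer produced.
function demonstrate() {
  // Constructed attacker input: the CRLF in the value closes the header block
  // and starts a second request aimed at the instance metadata service.
  const attackerJson =
    '{"__proto__":{"X-Trace":"1\\r\\n\\r\\nGET /latest/meta-data/ HTTP/1.1\\r\\nHost: 169.254.169.254"}}';
  const config = { headers: { Host: 'api.example.internal' } };
  try {
    unsafeMerge(config, JSON.parse(attackerJson));
    const naive = serializeNaive('GET', '/health', config.headers);
    const strict = serializeStrict('GET', '/health', config.headers);
    let ownCrlfRejected = false;
    try {
      serializeStrict('GET', '/health', { 'X-Trace': 'a\r\nb' });
    } catch (e) {
      ownCrlfRejected = e instanceof TypeError;
    }
    return {
      polluted: 'X-Trace' in {},                     // true: key now lives on Object.prototype
      naiveRequestLines: countRequestLines(naive),   // 2: a second request was smuggled
      strictRequestLines: countRequestLines(strict), // 1: inherited key ignored
      ownCrlfRejected,                               // true: explicit CRLF rejected
      naive,
    };
  } finally {
    delete Object.prototype['X-Trace']; // undo the global pollution
  }
}

console.log(demonstrate().naive.replace(/\r\n/g, '\\r\\n\n'));
```

Note that the own-keys change alone already drops the inherited header, and the CRLF check alone would already reject it; a fix wants both, because the next polluted value may be a clean header that simply redirects the request, and the next CRLF may arrive through a legitimate own property.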

A public proof-of-concept was released alongside the disclosure, raising urgency for defenders even though active exploitation had not been confirmed at the time of reporting. Reporting gives the affected range as Axios versions before 1.13.2 and names 1.15.0 as the release in which the maintainers added strict header validation that rejects CRLF-based header injection; organizations were urged to upgrade to the fixed release and to audit dependencies such as body-parser, qs, and minimist for prototype-pollution paths that could feed polluted values into Axios requests. One report cited an internet-wide estimate of more than 48,000 potentially exposed instances, underscoring the risk of unauthorized internal access and possible full cloud compromise.
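The upgrade-and-audit advice above, as an added example that is not Mallory's or the Axios project's code: a small Node script that walks a `package-lock.json` (lockfileVersion 2 or 3 `packages` map, which lists nested copies that a top-level `package.json` hides), flags every copy of `axios` below the fix release, and lists every copy of the packages the advisory names for prototype-pollution review. The lockfile is constructed for the example. Because the reporting gives an affected range of "before 1.13.2" but a fix release of 1.15.0, the script assumes the conservative bar and treats anything below 1.15.0 as needing review; the watch-list packages get no version threshold because the advisory gives none.

```javascript
// Added example, not Mallory's or the Axios project's code: audit a
// package-lock.json ("packages" map, lockfileVersion 2 or 3) for axios copies
// below the fix release and list the prototype-pollution-prone packages the
// advisory names for manual review. SAMPLE_LOCK is constructed for the example.
// Assumption: 1.15.0 (the release that adds strict header validation) is the
// bar, even though the reported affected range is "before 1.13.2".

const FIXED = { axios: '1.15.0' };
const WATCH = ['body-parser', 'qs', 'minimist']; // named in the advisory; no fix version given

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Comparator-style result (-1, 0, 1); throws on versions it cannot parse.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) throw new TypeError(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Package name from a lockfile path: text after the last "node_modules/",
// which keeps scoped names such as "@scope/pkg" and handles nested copies.
function packageName(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

function auditLock(lock) {
  const findings = { vulnerable: [], watch: [] };
  // hasOwnProperty rather than `in`: a package literally named "toString"
  // must not match an inherited property of the FIXED table.
  const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(lockPath);
    if (!name || !meta || !meta.version) continue;
    if (hasOwn(FIXED, name) && compareVersions(meta.version, FIXED[name]) < 0) {
      findings.vulnerable.push({ path: lockPath, name, version: meta.version, fixed: FIXED[name] });
    }
    if (WATCH.includes(name)) findings.watch.push({ path: lockPath, name, version: meta.version });
  }
  return findings;
}

// Same audit against a real lockfile on disk.
function auditLockFile(filePath) {
  const fs = require('node:fs');
  return auditLock(JSON.parse(fs.readFileSync(filePath, 'utf8')));
}

// Constructed sample lockfile: one top-level axios, one older nested copy that
// only `npm ls axios` or the lockfile would reveal, and one copy already fixed.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.13.0', 'legacy-sdk': '^2.0.0' } },
    'node_modules/axios': { version: '1.13.1' },
    'node_modules/legacy-sdk': { version: '2.0.0', dependencies: { axios: '~1.12.0' } },
    'node_modules/legacy-sdk/node_modules/axios': { version: '1.12.3' },
    'node_modules/newer-sdk/node_modules/axios': { version: '1.15.0' },
    'node_modules/body-parser': { version: '1.20.2' },
    'node_modules/qs': { version: '6.11.0' },
    'node_modules/minimist': { version: '1.2.8' },
    'node_modules/@scope/tool': { version: '3.1.4' },
  },
};

console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```

Run it against a real tree with `auditLockFile('package-lock.json')`; the nested `legacy-sdk` copy is the case to watch for, since bumping the top-level `axios` entry leaves it in place until the intermediate dependency is updated or overridden.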

Timeline

  1. Apr 13, 2026

    Researchers estimate more than 48,000 exposed Axios instances

    Netlas estimated that over 48,000 instances may be directly exposed to the Axios vulnerability, though reporting said active exploitation had not yet been observed and real-world severity was still being evaluated.

  2. Apr 13, 2026

    Public proof-of-concept exploit for CVE-2026-40175 is published

    A public proof-of-concept exploit for the Axios flaw was released by maintainer Jason Saayman shortly after disclosure, increasing urgency for defenders to patch and assess exposure.

  3. Apr 13, 2026

    Axios 1.15.0 released to block CRLF header injection

    Axios released version 1.15.0 to address the vulnerability by enforcing stricter header validation and rejecting headers containing CRLF characters. The issue affects versions prior to 1.13.2, and reporting recommends upgrading to the fixed release.

  4. Apr 13, 2026

    Axios vulnerability CVE-2026-40175 is disclosed

    A critical flaw in the Axios HTTP client, tracked as CVE-2026-40175, was publicly disclosed as enabling request smuggling, SSRF abuse, AWS IMDSv2 bypass, and possible remote code execution or broader cloud compromise when chained with prototype pollution.


Related Stories

North Korea-Linked Actors Compromise Axios Maintainer via Social Engineering, Poison npm Releases with RAT


Attackers hijacked the npm account of Axios maintainer `jasonsaayman` and published malicious versions `axios@1.14.1` and `axios@0.30.4`, bypassing the project’s normal GitHub Actions/OIDC release workflow. The poisoned releases added `plain-crypto-js@4.2.1`, a staged dependency whose `postinstall` logic fetched platform-specific second-stage malware from `sfrclak[.]com:8000` and deployed a remote access trojan on Windows, macOS, and Linux. Researchers said the malware used anti-forensic cleanup by deleting installer artifacts and restoring a clean-looking `package.json`, while Windows samples also established persistence through a `Run` key. npm removed the malicious packages after roughly three hours, but Axios’s massive downstream use created broad exposure across developer endpoints, CI/CD pipelines, and transitive dependencies. Multiple vendors and the Axios maintainers urged organizations to treat any system that installed the affected versions as fully compromised, downgrade to `axios@1.14.0` or `axios@0.30.3`, remove `plain-crypto-js`, block `sfrclak[.]com` and `142.11.206[.]73`, and rotate all accessible secrets and credentials. Subsequent reporting said the maintainer was compromised through a targeted social-engineering campaign involving fake business outreach and session theft, and several firms, including Google and Microsoft, linked the operation to North Korea-aligned activity tracked as `UNC1069` or `Sapphire Sleet`, though some attribution details remain contested across vendors.

4 days ago
JavaScript/Node.js Ecosystem Vulnerabilities: Next.js React2Shell Exploitation and Prototype-Pollution/DoS Bugs in Axios and CASL


Threat actors began actively exploiting **React2Shell** (`CVE-2025-55182`), a critical issue affecting *Next.js* and **React Server Components** that can enable **unauthenticated remote code execution** on vulnerable, internet-facing servers. Reporting describes exploitation starting within ~20 hours of public disclosure, with attacks observed as malicious HTTP `POST` requests targeting routes such as `/_next/server` and `/_next/flight`, abusing server-component serialization to inject commands into the application runtime. WhoisXMLAPI attributed a large share of scanning/exploitation activity to the **“ILOVEPOOP”** toolkit, which used centralized infrastructure (noted as high-traffic nodes hosted in the Netherlands), rotating scanner nodes, and a distinctive request fingerprint including non-standard headers like `X-Nextjs-Request-Id: poop1234` and `Next-Action: x`. Separately, two additional JavaScript supply-chain/library vulnerabilities were disclosed that can be triggered via attacker-controlled input in Node.js applications. *Axios* is affected by a high-severity **denial-of-service** flaw (`CVE-2026-25639`, CVSS 7.5) in `mergeConfig`, where a configuration object containing an own `__proto__` property can cause a `TypeError` and crash the Node.js process when user input is parsed (e.g., via `JSON.parse()`) and passed into Axios configuration. CERT/CC also published **VU#458422** for a **prototype pollution** vulnerability in *CASL Ability* (versions 2.4.0–6.7.4) in `rulesToFields()` / `setByPath()` (extra module), where insufficient sanitization of path segments allows writing to `Object.prototype` via special keys (e.g., `prototype`, `constructor`, and `_proto_`), potentially enabling broad application compromise up to **arbitrary code execution** depending on how polluted properties are later used.

2 weeks ago
High-Severity Flaws Expose h3 to DoS and mcp-handler to Cross-Client Data Leaks


Two newly disclosed vulnerabilities affect widely used JavaScript server components, with one enabling **application-level denial of service** in `h3` and the other causing **cross-client data exposure** in `mcp-handler`. The `h3` flaw, tracked as `GHSA-Q5PR-72PQ-83V3`, is an algorithmic complexity issue in chunked cookie processing that lets an attacker send a very small HTTP request and force disproportionate CPU consumption. Rated **CVSS 7.5**, the bug can starve event loops and degrade availability without requiring privileges or user interaction. A separate issue in `mcp-handler`, tracked as `GHSA-W2FM-25VW-VH7F`, stems from a transport race condition that can leak sensitive MCP tool responses across client sessions. The vulnerability, rated **CVSS 7.1**, can expose database query results, local file contents, proprietary data, and raw large language model outputs, while also allowing limited attacker-controlled input injection when misrouted requests are processed in a victim session. The risk is highest in stateless serverless deployments such as **AWS Lambda** or edge runtimes where developers reuse global `McpServer` or `StreamableHTTPServerTransport` instances, while persistent Node.js deployments that create transport objects per connection are described as resistant to this specific flaw.

1 month ago

Get Ahead of Threats Like This

Mallory continuously monitors global threat intelligence and correlates it with your attack surface. Know if you're exposed. Before adversaries strike.