Axios library flaw enables remote code exec

A critical vulnerability in the Axios library (CVE-2026-40175) can be chained, together with a prototype-pollution bug elsewhere in an application, into remote code execution via SSRF and request-smuggling techniques, and a proof of concept is publicly available. The bug also bypasses AWS IMDSv2 protections, increasing the risk for cloud workloads that rely on vulnerable package versions (x.com).

Axios, the JavaScript library that applications use to make HTTP requests, has a newly disclosed flaw that can turn a separate bug in the same application into remote code execution or cloud credential theft. (github.com) GitHub's advisory for CVE-2026-40175 says affected Axios versions are those older than 1.15.0, and the National Vulnerability Database adds that 0.x releases older than 0.31.0 are also affected. The advisory was published on April 10, 2026, and the National Vulnerability Database lists a critical Common Vulnerability Scoring System score assigned by GitHub. (github.com) (nist.gov)

The bug is not a simple "send one bad request" flaw. GitHub describes Axios as a "gadget" in a longer chain: prototype pollution in another package poisons `Object.prototype`, the shared base object that almost every JavaScript object inherits from, and Axios then picks up the poisoned properties while building the headers of an outbound request. (github.com) Headers are the labels attached to a web request, like the address lines on an envelope. Snyk says Axios let carriage return and line feed characters slip into merged header values, which lets an attacker inject extra headers or split one outbound request into more than one. (snyk.io) That matters on servers because Axios often runs inside back-end code that can reach internal systems a browser cannot.

GitHub says the chain can escalate into server-side request forgery, request smuggling, or "Full Cloud Compromise" by bypassing Amazon Web Services Instance Metadata Service version 2. (github.com) GitHub's proof of concept shows a polluted header value smuggling a `PUT` request to `169.254.169.254`, the link-local metadata address used on Amazon Web Services instances. The smuggled request asks for a metadata session token with `X-aws-ec2-metadata-token-ttl-seconds: 21600`, then uses that token to read instance credentials. Instance Metadata Service version 2 requires such a token, obtained through a `PUT`, before it will answer credential queries, which is exactly the step an ordinary server-side request forgery limited to `GET` requests cannot perform. (github.com)

The National Vulnerability Database says the fix is in Axios 1.15.0 and 0.31.0. A release tracker shows Axios published version 1.15.0 on April 7, 2026, and version 0.31.0 on April 12, 2026. (nist.gov) (releasealert.dev)

The advisory also narrows the practical question for defenders: Axios itself is not described as the source of the prototype pollution. GitHub says the chain starts only if some other dependency in the application can already write attacker-controlled properties onto `Object.prototype`, naming packages such as `qs`, `minimist`, `ini`, and `body-parser` as examples. (github.com) Upgrading Axios therefore removes this gadget, but it does not repair the upstream pollution bug, which stays available to any other gadget in the dependency tree.

Public exploit code is already circulating. Multiple security trackers published notices on April 14 and April 15 saying a proof of concept is available, which shortens the gap between disclosure and copycat testing against exposed services. (365trust.me) (cybernews.com)

For engineering teams, the immediate check is concrete: find every direct and transitive Axios dependency (the lockfile, not just `package.json`, shows the versions actually installed), move to 1.15.0 or 0.31.0, and then look for any server-side code path where untrusted input can reach a prototype-pollution bug upstream of Axios. That is the path this flaw turns into a much bigger breach. (nist.gov) (github.com)
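The gadget pattern the advisory describes, shown as an added illustration that is not Axios source code and not GitHub's proof of concept: a deliberately naive deep-merge stands in for the upstream prototype-pollution bug, a `for...in` header merge picks up the inherited value and writes it into the raw request bytes, and a hardened merge that copies only own properties and rejects CR or LF in header names and values sits beside it. Every function name, the `X-Injected` and `X-Smuggled` headers, the attacker payload, and the request target are hypothetical and constructed for the demo.

```javascript
// Added example: an illustrative header-merge gadget for prototype
// pollution, not Axios source and not the published proof of concept.
// All names here (naiveDeepMerge, mergeHeadersUnsafe, X-Injected, the
// host and path) are hypothetical.

// Stand-in for the UPSTREAM bug: a recursive merge that honours a
// "__proto__" key coming from untrusted JSON. JSON.parse creates
// "__proto__" as an ordinary own property, but target["__proto__"]
// resolves through the accessor to Object.prototype, so the recursion
// writes attacker-chosen keys onto the shared base object.
function naiveDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      naiveDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Gadget-style merge: for...in walks inherited enumerable properties,
// so anything polluted onto Object.prototype becomes a header, and no
// value is checked for CR or LF.
function mergeHeadersUnsafe(defaults, perRequest) {
  const merged = {};
  for (const name in defaults) merged[name] = defaults[name];
  for (const name in perRequest) merged[name] = perRequest[name];
  return merged;
}

// Hardened merge: copy only own properties (Object.keys never returns
// inherited ones) and refuse any header name or value containing a CR
// or LF, which is what makes header injection and request splitting
// possible once the bytes reach the socket.
const CR_OR_LF = /[\r\n]/;
function mergeHeadersSafe(defaults, perRequest) {
  const merged = Object.create(null); // no prototype to inherit from at all
  for (const source of [defaults, perRequest]) {
    for (const name of Object.keys(source)) {
      const value = String(source[name]);
      if (CR_OR_LF.test(name) || CR_OR_LF.test(value)) {
        throw new TypeError(`refusing header "${name}": contains CR or LF`);
      }
      merged[name] = value;
    }
  }
  return merged;
}

// Serialise an HTTP/1.1 request head the way a client would put it on
// the wire. Object.keys suffices here because the unsafe merge has
// already copied the polluted key onto its result as an own property.
function serializeRequest(method, path, host, headers) {
  let raw = `${method} ${path} HTTP/1.1\r\nHost: ${host}\r\n`;
  for (const name of Object.keys(headers)) raw += `${name}: ${headers[name]}\r\n`;
  return raw + '\r\n';
}

// Run the chain end to end against a constructed attacker payload and
// report what each merge produced. Object.prototype is cleaned up in
// finally so the pollution does not leak into the rest of the process.
function demo() {
  // Constructed: a JSON body an attacker could send to an endpoint whose
  // parser or merge helper is pollution-prone. The value carries a CRLF
  // followed by a second, smuggled header line.
  const attackerBody = JSON.parse(
    '{"__proto__":{"X-Injected":"1\\r\\nX-Smuggled: yes"}}'
  );
  const defaults = { Accept: 'application/json' };
  try {
    naiveDeepMerge({}, attackerBody); // pollutes Object.prototype
    const polluted = 'X-Injected' in {};
    const unsafeRequest = serializeRequest(
      'GET', '/health', 'internal.example', mergeHeadersUnsafe(defaults, {}));
    const safeRequest = serializeRequest(
      'GET', '/health', 'internal.example', mergeHeadersSafe(defaults, {}));
    // The hardened merge also rejects a CRLF that arrives as an own
    // property, for instance from caller-controlled per-request headers.
    let ownCrlfRejected = false;
    try {
      mergeHeadersSafe(defaults, { 'X-Trace': 'abc\r\nX-Smuggled: yes' });
    } catch (err) {
      ownCrlfRejected = err instanceof TypeError;
    }
    return { polluted, unsafeRequest, safeRequest, ownCrlfRejected };
  } finally {
    delete Object.prototype['X-Injected'];
  }
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it prints the unsafe request head with `X-Injected: 1` followed on its own line by `X-Smuggled: yes`, while the hardened merge emits only `Accept` and throws on the own-property CRLF case. The two defences are independent on purpose: own-property iteration blocks the inherited gadget, and the CR/LF check blocks the splitting primitive even when the bad value arrives through a legitimate code path.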
