A critical CVSS 10 vulnerability in the Axios HTTP client (downloaded over three billion times last year and present in ~80% of cloud and code environments) has a working proof-of-concept (POC) exploit available. 

The Axios vulnerability can be escalated into Remote Code Execution (RCE) or even full cloud compromise (via AWS IMDSv2 bypass), says Axios maintainer Jason Saayman, who has published a POC on GitHub. 

NB: The vulnerability is distinct from the recent Axios supply chain attack.

The new Axios vulnerability has been allocated CVE-2026-40175. Saayman blamed Axios’ “lack of HTTP Header Sanitization and default SSRF capabilities” for the bug, saying it requires “zero direct user input.”

Exploitation uses Axios as a lever or “gadget”: if an attacker has already compromised your application’s state via prototype pollution in another library, they can use Axios to smuggle unauthorised HTTP requests to internal services, notably the AWS Metadata Service (IMDSv2).

“If an attacker can pollute Object.prototype via any other library in the stack (e.g., qs, minimist, ini, body-parser), Axios will automatically pick up the polluted properties during its config merge,” Saayman wrote on Friday.

“Because Axios does not sanitise these merged header values for CRLF (\r\n) characters, the polluted property becomes a Request Smuggling payload,” Saayman added. Release v1.15.0 fixes this, seemingly by adding a check that throws an error if headers contain CRLF characters.
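The mechanism described above, as an added illustration that is not Axios’s own code: a header merge that walks inherited properties picks up a key polluted onto `Object.prototype`, while a merge restricted to own properties does not, and a CRLF check of the kind the article says v1.15.0 introduces rejects the polluted value. The polluted property, its CRLF payload and the function names are constructed for this demo; the check is a model of the described fix, not the project’s actual implementation.

```javascript
// Added example (not Axios code): models how a config/header merge can pick up
// properties polluted onto Object.prototype, and two defensive measures that
// stop it: own-property-only merging and rejecting CR/LF in header values.

// Naive merge: for...in also visits inherited enumerable properties, so a key
// polluted onto Object.prototype is copied into the outgoing header set.
function naiveMergeHeaders(defaults, overrides) {
  const out = {};
  for (const k in defaults) out[k] = defaults[k];
  for (const k in overrides) out[k] = overrides[k];
  return out;
}

// Hardened merge: only own properties are copied, and the result has no
// prototype, so later lookups cannot fall through to Object.prototype.
function safeMergeHeaders(defaults, overrides) {
  const out = Object.create(null);
  for (const src of [defaults, overrides]) {
    for (const k of Object.keys(src)) out[k] = src[k];
  }
  return out;
}

// Header validation (modelled after the fix the article describes): throw if
// any header name or value contains a CR or LF, which would otherwise let the
// value terminate one header line and start another.
const CRLF = /[\r\n]/;
function assertNoCrlf(headers) {
  for (const k of Object.keys(headers)) {
    const v = String(headers[k]);
    if (CRLF.test(k) || CRLF.test(v)) {
      throw new Error(`Header "${k}" contains CR/LF characters`);
    }
  }
  return headers;
}

// Demo: simulate a polluted prototype (constructed, scoped to this call and
// cleaned up afterwards) and compare the two merge strategies.
function demo() {
  Object.defineProperty(Object.prototype, 'X-Injected', {
    value: 'a\r\nX-Smuggled: b', // constructed payload shape, not a real header
    enumerable: true, configurable: true, writable: true,
  });
  try {
    const defaults = { 'Content-Type': 'application/json' };
    const overrides = { Accept: 'application/json' };
    const naive = naiveMergeHeaders(defaults, overrides);
    const safe = safeMergeHeaders(defaults, overrides);
    let rejected = false;
    try { assertNoCrlf(naive); } catch (e) { rejected = true; }
    return {
      naivePicksUpPolluted: Object.prototype.hasOwnProperty.call(naive, 'X-Injected'),
      safePicksUpPolluted: Object.prototype.hasOwnProperty.call(safe, 'X-Injected'),
      crlfCheckRejectsNaive: rejected,
      safePassesCrlfCheck: assertNoCrlf(safe) === safe,
    };
  } finally {
    delete Object.prototype['X-Injected'];
  }
}

console.log(demo());
```

Both measures are worth having: the own-property merge removes the gadget, and the CRLF check catches any polluted or attacker-influenced value that still reaches the header set through another path.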

(If that name sounds familiar, Saayman was hacked in the recent Axios supply chain breach after being targeted with a highly personalised, fake corporate call by what is believed to have been North Korean threat actors; the bug comes amid a fresh security audit of Axios in the incident’s wake.)

Netlas estimates, crudely, that some 48,000+ instances may be directly exposed to possible remote exploitation, though exploitation in the wild has not yet been seen.

We’re in the early stages of analysing this one, which may not be as severe in the real world as the CVSS rating and the scale of Axios suggest (one can live in hope), but we are flagging it early for security readers who may have missed it, given Axios’s now well-documented reach. Insight welcomed by email.

More to follow.
