CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-40175

CVE-2026-40175: Header Injection in Axios via Prototype Pollution Gadget

Alon Barad
Alon Barad
Software Engineer

Apr 16, 2026·5 min read·137 visits

Executive Summary (TL;DR)

Axios configuration merging insecurely inherits from Object.prototype and fails to validate internal CRLF characters. Attackers use prototype pollution to inject malicious headers, smuggling secondary HTTP requests to internal endpoints like AWS IMDSv2.

CVE-2026-40175 is a critical Header Injection vulnerability in the Axios HTTP client library. It functions as an exploitation gadget in Prototype Pollution attack chains, enabling HTTP request smuggling and splitting. This flaw allows attackers to bypass SSRF mitigations and achieve full cloud compromise via internal service interactions.

Vulnerability Overview

CVE-2026-40175 is a critical vulnerability in the Axios HTTP client library affecting versions prior to 1.15.0 and 0.31.0. The flaw resides in the configuration merging logic, which insecurely inherits properties from the global Object prototype. This inheritance transforms Axios into a highly effective exploitation gadget for prototype pollution chains.

When an attacker pollutes Object.prototype with a maliciously crafted property, Axios processes this property as an outgoing HTTP header. The library fails to adequately sanitize internal Carriage Return Line Feed (CRLF) characters within these injected headers.

This improper neutralization of CRLF sequences (CWE-113) facilitates HTTP request smuggling and splitting. Attackers leverage this behavior to bypass Server-Side Request Forgery (SSRF) protections. The primary exploitation path targets cloud metadata services, notably the AWS Instance Metadata Service (IMDSv2).

Root Cause Analysis

The root cause involves two distinct but intersecting failures in the Axios library. First, the internal utility functions responsible for combining global defaults, instance defaults, and request-specific configurations do not isolate their execution context. They iterate over configuration properties using mechanisms that traverse the prototype chain.

Because the merging logic includes properties inherited from Object.prototype, any globally polluted property is interpreted as a legitimate request configuration. If an attacker injects Object.prototype['x-injected-header'] = 'value', Axios blindly appends this header to all subsequent outgoing HTTP requests initiated by the application.

Second, prior to the patch, Axios implemented insufficient header sanitization. The library utilized a weak regular expression String(value).replace(/[\r\n]+$/, '') to strip trailing CRLF characters. This implementation entirely ignored internal CRLF sequences embedded within the header value.

The failure to validate internal characters allows the injection of \r\n sequences into the HTTP stream. The underlying Node.js HTTP implementation processes these sequences as structural control characters. This enables the termination of the initial HTTP request and the initiation of a secondary, smuggled request within the same TCP connection.

Code Analysis

The vulnerability remediation required strict structural validation of all HTTP header values. The patch introduced a new validation function assertValidHeaderValue within lib/core/AxiosHeaders.js. This function systematically evaluates headers for structural integrity before transmission.

The patched implementation replaces the flawed trailing-character replacement with a strict rejection mechanism. The function utilizes the regular expression !/[\r\n]/.test(value) to identify any internal or trailing carriage return or line feed characters.

// Patched Implementation in lib/core/AxiosHeaders.js
function assertValidHeaderValue(value) {
  if (typeof value !== 'string') {
    value = String(value);
  }
  // strict validation against internal CRLF sequences
  if (/[\r\n]/.test(value)) {
    throw new Error('Invalid character in header content');
  }
  return value;
}

For the legacy 0.x branch, maintainers implemented a character whitelisting approach via sanitizeHeaderValue. This function actively removes characters outside the permitted ASCII range using the regex /[^\x09\x20-\x7E\x80-\xFF]/g. These combined approaches ensure that smuggled requests cannot be constructed via prototype pollution.

Exploitation

Exploitation of CVE-2026-40175 requires a multi-stage attack chain. The attacker must first identify and exploit a prototype pollution vulnerability within the target application. This initial vulnerability typically resides in a third-party dependency such as lodash, qs, or serialize-javascript that insecurely parses user input.

Once the prototype is polluted, the attacker injects a malicious property targeting the Axios configuration. The payload contains structural HTTP control characters (\r\n) followed by a completely independent HTTP request.

// Step 1: Pollute the prototype (Source)
Object.prototype['x-smuggled-header'] = 'ignore\r\n\r\nPUT /latest/api/token HTTP/1.1\r\nHost: 169.254.169.254\r\nX-aws-ec2-metadata-token-ttl-seconds: 21600\r\n\r\n';
 
// Step 2: Trigger any Axios request (Gadget)
const axios = require('axios');
axios.get('https://example.com');

When the application executes any standard Axios request, the underlying socket receives the original request immediately followed by the smuggled request. This technique allows attackers to dictate the HTTP verb, target URI, and specific headers of the secondary request. It entirely bypasses application-level SSRF filters that restrict PUT requests or specific target IPs.

Impact Assessment

The CVSS v3.1 score of 10.0 reflects the critical nature of this vulnerability when successfully chained. The primary impact is the bypass of SSRF protections and subsequent interaction with internal network services. The most common target is the AWS IMDSv2 metadata endpoint.

IMDSv2 mitigates standard SSRF attacks by requiring a PUT request containing a specific header (X-aws-ec2-metadata-token-ttl-seconds) to retrieve a session token. Traditional GET-based SSRF vulnerabilities cannot satisfy these requirements. Request smuggling via Axios provides the exact primitive necessary to construct this PUT request.

Successful extraction of the IMDSv2 token grants the attacker temporary AWS credentials associated with the EC2 instance role. This escalation path transforms a restricted server-side vulnerability into full infrastructure compromise, allowing lateral movement, data exfiltration, or resource manipulation within the cloud environment.

Remediation

The primary remediation for CVE-2026-40175 is upgrading the Axios library to a patched version. Applications utilizing the 1.x branch must upgrade to version 1.15.0 or later. Systems operating on the legacy 0.x branch require an upgrade to version 0.31.0.

Upgrading the library addresses the gadget phase of the attack chain. However, comprehensive remediation requires addressing the initial prototype pollution vulnerability. Security teams must perform dependency audits using tools like npm audit to identify and update packages responsible for insecure object parsing.

In environments where immediate patching is not technically feasible, operators can deploy Web Application Firewall (WAF) rules. These rules should inspect incoming requests for URL-encoded CRLF characters (%0d%0a) in unusual parameter locations. Additionally, applications can utilize Object.freeze(Object.prototype) to prevent prototype pollution at the runtime level, though this may cause compatibility issues with legacy frameworks.

Official Patches

Axios (GitHub Advisory)Official GitHub Security Advisory
Axios (Pull Request 10660)Pull Request addressing the vulnerability in 1.x
Axios (Pull Request 10688)Pull Request addressing the vulnerability in 0.x

Fix Analysis (2)

Technical Appendix

CVSS Score
10.0/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Probability
0.40%
Top 39% most exploited

Affected Systems

Node.js ApplicationsCloud Infrastructure (AWS EC2 instances via IMDSv2 targeting)

Affected Versions Detail

Product
Affected Versions
Fixed Version
axios
Axios
>= 1.0.0, < 1.15.01.15.0
axios
Axios
< 0.31.00.31.0
AttributeDetail
CWE IDCWE-113 (Improper Neutralization of CRLF Sequences)
Attack VectorNetwork
CVSS10.0 (Critical)
EPSS0.40%
ImpactSSRF Bypass / Remote Code Execution / Cloud Compromise
Exploit StatusProof of Concept Available
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1552Credentials in Files/Cloud
Credential Access
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request Splitting')

Improper Neutralization of CRLF Sequences in HTTP Headers

Known Exploits & Detection

GitHub (0xBlackash)Proof of Concept repository demonstrating chained attack
GitHub (kengzzzz)Exploit methodology and test harness

Vulnerability Timeline

Identification of chained Prototype Pollution in external dependencies.
2026-03-28
Fix commit 363185461b merged to v1.x branch.
2026-04-06
Official disclosure and releases of Axios 1.15.0 and 0.31.0.
2026-04-10

References & Sources

  • [1]GHSA-fvcv-3m26-pcqx
  • [2]Commit 363185461b90b1b78845dc8a99a1f103d9b122a1
  • [3]Commit 03cdfc99e8db32a390e12128208b6778492cee9c
  • [4]0xBlackash PoC
  • [5]kengzzzz PoC
Related Vulnerabilities
CVE-2023-45133

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 8 hours ago•CVE-2026-50661
6.1

CVE-2026-50661: Windows BitLocker Security Feature Bypass

CVE-2026-50661 is a security feature bypass vulnerability in Microsoft Windows BitLocker full-disk encryption. A physical attacker can exploit this flaw to bypass encryption controls, permitting unauthorized access to sensitive local storage and the modification of offline system configurations.

Amit Schendel
Amit Schendel
17 views•5 min read
•about 8 hours ago•CVE-2026-56164
5.3

CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server

CVE-2026-56164 is a critical vulnerability affecting Microsoft SharePoint Server. It permits unauthenticated, remote attackers to bypass identity verification controls. This flaw is classified under CWE-306: Missing Authentication for Critical Function and allows elevation of privilege up to Farm Administrator level. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.

Amit Schendel
Amit Schendel
26 views•6 min read
•about 18 hours ago•GHSA-PQG7-V6WH-3PFP
8.5

GHSA-pqg7-v6wh-3pfp: IP Spoofing and Access Control Bypass via HTTP Header Injection in TsDProxy

A high-severity input sanitization and header injection vulnerability in TsDProxy allows authenticated Tailscale users to inject arbitrary values into the X-Forwarded-For and X-Real-IP HTTP headers. Because downstream backend services frequently trust these headers to resolve client identities, attackers can exploit this flaw to bypass IP-based access control lists, audit logs, and geo-blocking restrictions.

Amit Schendel
Amit Schendel
8 views•5 min read
•about 19 hours ago•CVE-2026-54448
6.5

CVE-2026-54448: Denial of Service in Trivy Helm Chart Parser via Decompression Bomb

CVE-2026-54448 is a critical denial of service vulnerability in Trivy's Infrastructure-as-Code (IaC) misconfiguration scanning engine. Prior to version 0.71.0, Trivy utilized a custom archive parser to unpack Helm chart tarballs (.tgz) during automated scans. This custom implementation iterated through compressed files and loaded their entire raw contents into system memory using the io.ReadAll function without implementing size limits or threshold checks, enabling an attacker to trigger an immediate heap-allocation crash or system Out-of-Memory (OOM) termination using a decompression bomb.

Alon Barad
Alon Barad
6 views•7 min read
•about 19 hours ago•GHSA-9HC2-HJX8-Q6PV
9.6

GHSA-9HC2-HJX8-Q6PV: Remote Code Execution in TidGi Desktop via Malicious TiddlyWiki Repository Import

A critical remote code execution vulnerability exists in TidGi Desktop up to version 0.13.0. The flaw allows an attacker to execute arbitrary code with Node.js privileges when a user imports or clones a malicious TiddlyWiki repository. This occurs due to the automatic execution of 'startup' modules defined in user-imported tiddler files.

Alon Barad
Alon Barad
6 views•5 min read
•about 20 hours ago•GHSA-MQXV-9RM6-W8QC
8.7

GHSA-MQXV-9RM6-W8QC: CPU Exhaustion in Ech0 i18n Middleware via Accept-Language Header Parser Bypass

A critical Denial of Service (DoS) vulnerability in the Ech0 publishing platform allows unauthenticated remote attackers to exhaust CPU resources via a crafted Accept-Language header. By utilizing underscore separators instead of hyphens, the attack bypasses the CVE-2022-32149 guard within the Go language tag parser, triggering a quadratic-time complexity operation.

Amit Schendel
Amit Schendel
7 views•5 min read