CVE-2026-42033: Prototype Pollution Gadget Chain in Axios HTTP Client

Axios is a widely used Promise-based HTTP client for JavaScript environments, including Node.js and modern web browsers. It provides an extensive configuration interface for managing HTTP requests, responses, and network transport behavior. CVE-2026-42033 identifies a critical prototype pollution gadget vulnerability within this configuration management logic.

While Axios does not inherently expose a primary prototype pollution vector, it insecurely consumes configuration properties from plain JavaScript objects. This design flaw allows attackers to utilize Axios as an exploitation gadget if they achieve prototype pollution through a separate, vulnerable dependency within the same application process.

The vulnerability is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes). Successful exploitation enables an attacker to intercept or modify JSON responses, hijack outgoing HTTP requests, and exfiltrate sensitive data. The flaw affects application environments where untrusted input can pollute the global Object.prototype.

The fundamental issue resides in how Axios parses and resolves its configuration object during request execution. The library relies on standard property accessors to read configuration keys, assuming these keys are explicitly defined by the developer.

In JavaScript, plain objects inherit properties from Object.prototype. When Axios attempts to access an undefined property on a configuration object, the JavaScript engine traverses the prototype chain and returns the value defined on Object.prototype. Axios failed to validate whether retrieved configuration values were own-properties of the configuration object.

This improper validation manifests across multiple functional areas, including data transformation, response parsing, and transport selection. Specifically, properties such as parseReviver, transport, allowAbsoluteUrls, transformRequest, and transformResponse were accessed directly. An attacker who controls Object.prototype can populate these properties with malicious payloads, forcing Axios to execute attacker-defined behavior during standard HTTP operations.

The parseReviver gadget provides a direct mechanism for response tampering. In the vulnerable implementation of lib/defaults/index.js, Axios applies the default response transformer using JSON.parse(data, this.parseReviver). If a developer does not explicitly define parseReviver, the engine retrieves the function injected into Object.prototype.parseReviver.

// Vulnerable implementation
transformResponse: [function transformResponse(data) {
  // ...
  if (typeof data === 'string') {
    try {
      data = JSON.parse(data, this.parseReviver);
    } catch (e) { /* ... */ }
  }
  return data;
}]

The transport gadget exposes request hijacking capabilities. In the Node.js adapter, Axios evaluates config.transport to determine the underlying network implementation. If Object.prototype.transport contains an attacker-controlled object with a custom request method, Axios utilizes this malicious transport layer.

The patch remediates these vectors by implementing strict hasOwnProperty checks before accessing configuration keys. Axios introduced a utility function, utils.hasOwnProp, to verify property origins. The updated logic ensures that inherited properties are explicitly ignored during configuration merging and execution.

// Patched implementation utilizing hasOwnProp
if (utils.hasOwnProp(config, 'parseReviver')) {
  data = JSON.parse(data, config.parseReviver);
} else {
  data = JSON.parse(data);
}

Exploitation requires a pre-existing prototype pollution vulnerability within the target environment. The attacker must first send a payload that pollutes Object.prototype with specific keys targeted at Axios gadgets. Once the prototype is polluted, any subsequent Axios request executed by the application will trigger the malicious behavior.

To hijack outgoing credentials, an attacker pollutes Object.prototype.transport. The payload must be an object implementing a request function that mirrors the Node.js http.request signature. When the application uses Axios to authenticate with a third-party service, Axios routes the request through the injected transport function.

The malicious transport function can log the Authorization header or request body before forwarding the request to the legitimate destination or an attacker-controlled server. This technique allows silent credential harvesting without disrupting the application's expected network flow. Another vector utilizes the allowAbsoluteUrls gadget, where polluting the prototype with a falsy value forces Axios to incorrectly prepend the baseURL, enabling Server-Side Request Forgery (SSRF).

The vulnerability carries a CVSS v3.1 base score of 7.4 (High). The attack complexity is rated High (AC:H) because the attacker must chain this gadget with a separate prototype pollution flaw. However, the integrity and confidentiality impacts are High due to the comprehensive control the attacker gains over HTTP communications.

Confidentiality is compromised because attackers can intercept outgoing requests containing sensitive authentication tokens, session cookies, or personally identifiable information (PII). By utilizing the transport or transformRequest gadgets, the attacker gains read access to the complete HTTP payload before it undergoes TLS encryption at the network layer.

Integrity is compromised via response tampering. By leveraging the parseReviver or transformResponse gadgets, an attacker can modify JSON data received from trusted downstream APIs. This allows the attacker to spoof authentication successes, alter financial data, or inject malicious content into the application state.

Administrators and developers must upgrade Axios to version 0.31.1, 1.15.1, or later. These releases contain the necessary hasOwnProp validations that neutralize the prototype pollution gadgets. Upgrading requires standard dependency management procedures and should be verified via lockfile inspection.

If immediate patching is not feasible, developers can mitigate the risk by hardening the runtime environment. Node.js applications can invoke Object.freeze(Object.prototype) during initialization to prevent prototype modification entirely. Alternatively, utilizing the --disable-proto=delete flag in Node.js disables the __proto__ vector, though it does not protect against prototype pollution via constructor manipulation.

Organizations should also implement dependency scanning to identify and remediate primary prototype pollution vulnerabilities. Since Axios operates strictly as a gadget in this context, eliminating the source pollution vectors ensures comprehensive protection against this class of attacks. Developers should adopt Object.create(null) when creating configuration objects to prevent prototype inheritance inherently.