CVE-2026-42042: XSRF Token Cross-Origin Leakage via Prototype Pollution in Axios

Axios serves as a foundational HTTP client in modern web and Node.js ecosystems, responsible for managing requests, responses, and security headers. A core security feature provided by Axios is automatic Cross-Site Request Forgery (CSRF/XSRF) token management, which extracts tokens from cookies and attaches them to outgoing request headers. This feature is intended to operate under strict same-origin policies to prevent token leakage.

CVE-2026-42042 exposes a flaw in how Axios validates the target origin before attaching these sensitive tokens. The vulnerability resides in the configuration resolution logic, specifically within the evaluation of the withXSRFToken property. A design flaw utilizing loose truthiness semantics enables an environment-level manipulation to bypass security constraints.

When combined with a separate Prototype Pollution vulnerability within the hosting application, attackers can manipulate the global object prototype chain. This manipulation injects a truthy, non-boolean value into the Axios configuration resolution process. The resulting logical short-circuit overrides the same-origin validation, causing Axios to append the XSRF token to requests destined for attacker-controlled infrastructure.

The root cause of this vulnerability stems from unsafe type coercion within JavaScript's logical operators. The configuration resolution logic within lib/helpers/resolveConfig.js relies on a conditional statement to determine if an XSRF token should be appended to the current request. This condition evaluates the withXSRFToken property using a standard logical OR (||) operator.

The specific vulnerable construct is if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))). In JavaScript, the || operator short-circuits if the left-hand operand evaluates to any truthy value. Because the code does not enforce strict boolean typing, values such as the integer 1, strings, or objects evaluate as true.

When the left-hand side evaluates to true, the right-hand side of the expression is ignored entirely. Consequently, the critical isURLSameOrigin(newConfig.url) function is never executed. The logic implicitly trusts the truthy value and proceeds to attach the XSRF token to the request headers, completely disregarding the destination URL.

Analyzing the configuration resolution logic reveals exactly how the validation failure manifests. The application attempts to support both explicit configuration and automatic same-origin detection. This dual-purpose design introduces the logic gap when combined with polluted prototypes.

// Vulnerable code in lib/helpers/resolveConfig.js
// Evaluates to true for any truthy value (e.g., 1, "true", {})
if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))) {
  // Token extraction and header attachment logic
}

In the presence of prototype pollution, withXSRFToken is inherited from Object.prototype. If Object.prototype.withXSRFToken = 1, the first condition passes, and origin validation is skipped. The patched versions (1.15.1 and 0.31.1) correct this logic by enforcing strict equality checks and utilizing nullish semantics. This ensures only an explicitly defined boolean true bypasses the same-origin verification.

// Fixed code logic
// Requires strict boolean true to force cross-origin token transmission
const requiresToken = withXSRFToken === true || 
                      (withXSRFToken == null && isURLSameOrigin(newConfig.url));
 
if (requiresToken) {
  // Token extraction and header attachment logic
}

By requiring withXSRFToken === true, injected prototype properties like 1 or "true" fail the strict equality check. The fallback logic then properly executes isURLSameOrigin because the inherited property does not equal null or undefined.

Exploitation of CVE-2026-42042 requires the presence of an independent Prototype Pollution vulnerability within the application or its dependency tree. The attacker must first leverage this separate flaw to pollute the global Object.prototype. The objective is to establish the specific gadget required by the Axios logic flaw.

The attacker injects a payload that sets a non-boolean truthy value onto the prototype chain. A typical payload achieves Object.prototype.withXSRFToken = 1. Once established, any standard JavaScript object created without an explicit withXSRFToken property inherits this value during property lookup.

The victim application then initializes an Axios request to a cross-origin resource controlled by the attacker. During request configuration, Axios reads newConfig.withXSRFToken. Since the configuration object lacks this key, the JavaScript engine traverses the prototype chain and returns the polluted value 1.

The Axios logic interprets the inherited 1 as truthy, bypasses the isURLSameOrigin check, and appends the X-XSRF-TOKEN to the outgoing request headers. The attacker monitors the receiving server logs and captures the leaked credential.

The direct security impact of this vulnerability is the compromise of anti-CSRF tokens. These tokens are generated by backend services to cryptographically bind state-changing requests to the authenticated user's session. When these tokens are leaked to an external party, the primary defense against Cross-Site Request Forgery is neutralized.

With the extracted XSRF token, an attacker constructs malicious cross-origin requests that the backend service authenticates and authorizes. This enables the attacker to perform state-changing actions on behalf of the victim, such as modifying account details, initiating unauthorized transactions, or elevating privileges within the context of the vulnerable application.

The vulnerability scores a CVSS of 5.4, reflecting a Medium severity. The score accounts for the network attack vector and low complexity, but is constrained by the requirement for user interaction and the specific precondition of an existing Prototype Pollution flaw. The EPSS score remains low at 0.00035, indicating limited active exploitation in the wild.

The definitive remediation for CVE-2026-42042 is updating the Axios library to a patched release. Development teams must upgrade their dependencies to version 1.15.1 or version 0.31.1, depending on the major version branch currently in use. This update replaces the vulnerable loose truthiness checks with strict boolean evaluation.

In environments where immediate patching is not feasible, defensive programming practices mitigate the underlying prototype pollution vector. Implementing Object.freeze(Object.prototype) prevents unauthorized modification of the global prototype chain, neutralizing the gadget required for this Axios vulnerability.

Applications parsing untrusted user input should transition to using Map objects or Object.create(null) for dictionary storage. These structures do not inherit from Object.prototype, rendering them immune to prototype pollution injection techniques. Security teams verify dependency trees using software composition analysis tools to identify indirect inclusions of vulnerable Axios versions.