CVE-2026-40175 Overview
CVE-2026-40175 affects Axios, a widely used promise-based HTTP client for browsers and Node.js. The vulnerability enables a "gadget" attack chain: Prototype Pollution in any third-party dependency can be escalated into Remote Code Execution (RCE) or full cloud compromise via an AWS IMDSv2 bypass. It stems from improper header value sanitization (CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers), which lets attackers inject malicious headers that can exfiltrate cloud metadata credentials.
Critical Impact
Attackers can leverage Prototype Pollution in any third-party dependency to escalate to Remote Code Execution or AWS cloud compromise through unrestricted metadata exfiltration via header injection.
Affected Products
- Axios 1.x versions prior to 1.15.0
- Axios 0.x versions prior to 0.31.0
Discovery Timeline
- April 10, 2026 - CVE-2026-40175 published to NVD
- April 16, 2026 - Last updated in NVD database
Technical Details for CVE-2026-40175
Vulnerability Analysis
This vulnerability represents a sophisticated attack chain that combines Prototype Pollution with HTTP Header Injection to achieve Remote Code Execution or cloud credential theft. The core issue lies in Axios's failure to properly validate and sanitize header values, specifically allowing CRLF (Carriage Return Line Feed) sequences to be injected into HTTP headers.
When an attacker can pollute the JavaScript prototype chain through a vulnerable third-party dependency, they can inject malicious properties that Axios processes as HTTP headers. These injected headers can contain CRLF sequences that enable HTTP Response Splitting attacks or, more critically, can be used to bypass AWS IMDSv2 protections and exfiltrate cloud instance metadata credentials.
The attack is particularly dangerous in cloud-hosted Node.js applications where AWS Instance Metadata Service (IMDS) credentials could be stolen, potentially leading to full cloud account compromise.
Root Cause
The root cause is the absence of proper validation for header values containing newline characters (\r and \n). The AxiosHeaders class did not verify that header values are free from CRLF sequences before including them in HTTP requests. This allowed attackers who could influence header values through Prototype Pollution to inject arbitrary headers or split HTTP responses.
The fix introduces a validation function that explicitly checks for and rejects any header values containing carriage return or line feed characters:
// utils is Axios's internal helper module (lib/utils.js); only utils.isArray is used here.
const isValidHeaderValue = (value) => !/[\r\n]/.test(value);

function assertValidHeaderValue(value, header) {
  // null, undefined and false mean "header not set": nothing to validate
  if (value === false || value == null) {
    return;
  }
  // multi-valued headers: validate every element
  if (utils.isArray(value)) {
    value.forEach((v) => assertValidHeaderValue(v, header));
    return;
  }
  // any CR or LF in the stringified value aborts the request
  if (!isValidHeaderValue(String(value))) {
    throw new Error(`Invalid character in header content ["${header}"]`);
  }
}
Source: GitHub Commit
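The following is an added example, not code from the Axios project or from this advisory. It shows how a polluted Object.prototype property turns into an extra header line when headers are walked with for...in, and how the CRLF check from the patch (reproduced here, with Array.isArray standing in for Axios's utils.isArray) rejects the smuggled value instead. The polluted key, its value and the own header are constructed for the demonstration, and the pollution is removed again after each run.

```javascript
// Added example, not Axios code: a polluted prototype property leaking into a header
// block, and the patched CRLF check stopping it.

const isValidHeaderValue = (value) => !/[\r\n]/.test(value);

// Reproduction of the check added by the patch (Array.isArray replaces utils.isArray).
function assertValidHeaderValue(value, header) {
  if (value === false || value == null) return;
  if (Array.isArray(value)) {
    value.forEach((v) => assertValidHeaderValue(v, header));
    return;
  }
  if (!isValidHeaderValue(String(value))) {
    throw new Error(`Invalid character in header content ["${header}"]`);
  }
}

// Pre-patch style: every enumerable key, inherited ones included, becomes a header line,
// and a value containing CRLF becomes two lines on the wire.
function unguardedHeaderBlock(headers) {
  const lines = [];
  for (const name in headers) lines.push(`${name}: ${headers[name]}`);
  return lines.join('\r\n');
}

// Patched style: the same walk, but each value must pass the check first.
function guardedHeaderBlock(headers) {
  const lines = [];
  for (const name in headers) {
    assertValidHeaderValue(headers[name], name);
    lines.push(`${name}: ${headers[name]}`);
  }
  return lines.join('\r\n');
}

// Runs fn while Object.prototype carries one constructed polluted property, then removes
// it again so the pollution cannot leak into the rest of the process.
function withPollutedPrototype(key, value, fn) {
  Object.prototype[key] = value;
  try { return fn(); } finally { delete Object.prototype[key]; }
}

// Constructed values: the polluted property's value carries CRLF followed by a second header.
const POLLUTED_KEY = 'x-polluted';
const POLLUTED_VALUE = 'a\r\nx-smuggled: b';
const OWN_HEADERS = { host: 'example.internal' };

// Header lines the unpatched walk emits: three, although only one header was set.
function demoUnguarded() {
  return withPollutedPrototype(POLLUTED_KEY, POLLUTED_VALUE,
    () => unguardedHeaderBlock(OWN_HEADERS).split('\r\n'));
}

// Error message the patched walk raises instead of emitting the smuggled line.
function demoGuarded() {
  return withPollutedPrototype(POLLUTED_KEY, POLLUTED_VALUE, () => {
    try { guardedHeaderBlock(OWN_HEADERS); return null; } catch (e) { return e.message; }
  });
}
```

demoUnguarded() returns ['host: example.internal', 'x-polluted: a', 'x-smuggled: b'], showing both the inherited key and the split line; demoGuarded() returns the patch's error message for "x-polluted", so the request is never sent. Note that the guarded walk still visits the inherited key: the value check is what closes the gadget, which is why it has to run on every value, arrays included.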
Attack Vector
The attack vector is network-based and requires an attacker to first exploit a Prototype Pollution vulnerability in any dependency used by the target application. Once the prototype chain is polluted, the attacker can inject malicious header values that Axios will include in outgoing HTTP requests.
In cloud environments, particularly AWS, this can be exploited to:
- Inject headers that bypass IMDSv2 token requirements
- Make requests to the metadata service endpoint (169.254.169.254)
- Exfiltrate IAM role credentials
- Use stolen credentials for lateral movement or privilege escalation
The patch also hardens stack trace handling, dropping the first line of the captured stack with indexOf() and slice() rather than a stack.replace() call, which removes that method as an exploitation point:
// dummy is the Error captured earlier in the Axios source (not shown here);
// its first line is the message, the remaining lines are the trace
const stack = (() => {
  if (!dummy.stack) {
    return '';
  }
  // drop the first line without going through String.prototype.replace
  const firstNewlineIndex = dummy.stack.indexOf('\n');
  return firstNewlineIndex === -1 ? '' : dummy.stack.slice(firstNewlineIndex + 1);
})();
Source: GitHub Commit
Detection Methods for CVE-2026-40175
Indicators of Compromise
- Unusual HTTP requests to cloud metadata endpoints (169.254.169.254) from application servers
- HTTP headers containing CRLF sequences (%0d%0a or \r\n) in application logs
- Unexpected outbound connections from Node.js applications to internal network resources
- Evidence of Prototype Pollution attempts targeting __proto__, constructor, or prototype properties
Detection Strategies
- Monitor network traffic for requests to AWS metadata service endpoints from application servers that should not require metadata access
- Implement Web Application Firewall (WAF) rules to detect CRLF injection attempts in headers
- Use Static Application Security Testing (SAST) tools to identify vulnerable Axios versions in package dependencies
- Deploy runtime application self-protection (RASP) solutions to detect Prototype Pollution attempts
Monitoring Recommendations
- Enable detailed logging for all outbound HTTP requests from Node.js applications
- Configure alerts for any requests to cloud provider metadata endpoints (169.254.169.254, fd00:ec2::254)
- Monitor npm audit reports and dependency scanning tools for known vulnerable package versions
- Implement Software Composition Analysis (SCA) to track Axios versions across all applications
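As an added example that is not part of this advisory, the detector below runs over constructed outbound-request log lines and flags the two indicators listed above: requests whose host is a cloud metadata endpoint (169.254.169.254 or fd00:ec2::254) and header values carrying raw or percent-encoded CRLF sequences. The log format ("<timestamp> <method> <url> headers=<JSON>") and every sample line are assumptions made for the example; adapt parseLine() to the format your HTTP client logging actually produces.

```javascript
// Added example, not from the advisory: flag metadata-endpoint requests and CRLF-bearing
// header values in outbound-request logs.

// Hosts as the WHATWG URL parser reports them (IPv6 literals keep their brackets).
const METADATA_HOSTS = new Set(['169.254.169.254', '[fd00:ec2::254]']);
// raw CR/LF, or the %0d / %0a encodings seen in URLs and some log formats
const CRLF_PATTERN = /\r|\n|%0d|%0a/i;

// Assumed log format (constructed for this example): "<ts> <method> <url> headers=<JSON>".
function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) (\S+) headers=(.*)$/);
  if (!m) return null;
  try {
    return { ts: m[1], method: m[2], url: m[3], headers: JSON.parse(m[4]) };
  } catch {
    return null;                       // unparseable header JSON: skip the line
  }
}

function hostOf(url) {
  try { return new URL(url).host; } catch { return null; }
}

// Findings for one line, as strings like "metadata-endpoint:169.254.169.254".
function findings(line) {
  const rec = parseLine(line);
  if (!rec) return [];
  const out = [];
  const host = hostOf(rec.url);
  if (host && METADATA_HOSTS.has(host)) out.push(`metadata-endpoint:${host}`);
  for (const [name, value] of Object.entries(rec.headers)) {
    if (CRLF_PATTERN.test(String(value))) out.push(`crlf-in-header:${name}`);
  }
  return out;
}

// Scans a batch of lines and returns one {ts, finding} record per hit.
function scan(lines) {
  return lines.flatMap((line) => {
    const rec = parseLine(line);
    return rec ? findings(line).map((finding) => ({ ts: rec.ts, finding })) : [];
  });
}

// Constructed sample log: one benign request, two metadata-service requests (IPv4 and
// IPv6), one percent-encoded CRLF header value and one raw CRLF header value.
const SAMPLE_LOG = [
  '2026-04-17T10:00:00Z GET https://api.example.internal/orders headers={"accept":"application/json"}',
  '2026-04-17T10:00:01Z GET http://169.254.169.254/latest/meta-data/ headers={"accept":"*/*"}',
  '2026-04-17T10:00:02Z POST https://api.example.internal/login headers={"x-trace":"abc%0d%0aX-Injected: 1"}',
  '2026-04-17T10:00:03Z GET https://api.example.internal/me headers={"x-user":"bob\\r\\nX-Injected: 2"}',
  '2026-04-17T10:00:04Z GET http://[fd00:ec2::254]/latest/meta-data/ headers={"accept":"*/*"}',
];
```

scan(SAMPLE_LOG) yields four records: the two metadata-endpoint hits and the two CRLF hits; the benign first line produces nothing. Matching on the parsed host rather than on a substring of the URL avoids false positives from query strings and false negatives from alternate IPv6 spellings that the URL parser normalises.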
How to Mitigate CVE-2026-40175
Immediate Actions Required
- Update Axios to version 1.15.0 or later for applications using the 1.x branch
- Update Axios to version 0.31.0 or later for applications using the 0.x branch
- Audit all Node.js applications for Prototype Pollution vulnerabilities in third-party dependencies
- Review and restrict network access from application servers to cloud metadata endpoints where not required
Patch Information
The vulnerability has been addressed in Axios versions 1.15.0 and 0.31.0. The patches introduce proper header value sanitization through the sanitizeHeaderValue helper and implement validation that rejects any header values containing CRLF sequences.
Key commits addressing this vulnerability:
- Commit 03cdfc9 - Backport fixes to 0.x branch
- Commit 3631854 - Primary fix for header injection chain
For additional technical details, see the GitHub Security Advisory GHSA-fvcv-3m26-pcqx.
Workarounds
- If immediate patching is not possible, implement a custom HTTP interceptor to sanitize all header values before requests are sent
- Use network segmentation to block application servers from accessing cloud metadata endpoints
- Implement IMDSv2 hop limit restrictions on EC2 instances to prevent container breakout scenarios
- Deploy a proxy that validates and sanitizes HTTP headers before forwarding requests
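For the first workaround above, here is an added example of a request interceptor; it is not Axios code and not from this advisory. It walks only the request's own header keys (so nothing inherited from a polluted prototype is forwarded), rejects any value containing CR or LF, and otherwise returns the config with the headers it has vetted. It assumes config.headers is either absent, a plain object, or an AxiosHeaders instance whose header names are own enumerable properties, and that Axios accepts a plain object in config.headers after interceptors have run.

```javascript
// Added example, not Axios code: request interceptor that refuses to send CR/LF header
// values and drops inherited (polluted) keys on unpatched Axios versions.

const CRLF = /[\r\n]/;

function headerGuardInterceptor(config) {
  const source = config.headers || {};
  const safe = {};
  // Object.keys returns own keys only, so prototype-inherited properties never get copied.
  for (const name of Object.keys(source)) {
    const value = source[name];
    if (value == null || value === false) continue;      // Axios treats these as "unset"
    for (const v of Array.isArray(value) ? value : [value]) {
      if (CRLF.test(String(v))) {
        throw new Error(`Refusing to send header "${name}": value contains CR or LF`);
      }
    }
    safe[name] = value;
  }
  config.headers = safe;                                   // assumption: plain object accepted
  return config;
}

// Registration on a real Axios instance (not executed here; axios is not imported):
//   axios.interceptors.request.use(headerGuardInterceptor);
```

Throwing from a request interceptor rejects the promise returned by the Axios call, so a polluted or attacker-influenced header fails the request rather than reaching the wire. Register the guard before any other request interceptor that might add headers of its own, or register it last and accept that it vets those too.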
# Update Axios in your Node.js project (1.x branch)
npm install axios@latest
# Projects on the 0.x branch: stay on 0.x, at or above the fixed release
npm install axios@^0.31.0
# Verify installed version
npm list axios
# For projects using yarn
yarn upgrade axios@^1.15.0
# Audit for vulnerabilities
npm audit
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

