CRITICAL | CVE-2026-40175 | CNA: GitHub_M

CVE-2026-40175: Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Axios is a promise-based HTTP client for the browser and Node.js. Versions prior to 1.15.0 (1.x line) and 0.31.0 (0.x line) are vulnerable to a gadget-style attack chain: prototype pollution in a third-party dependency loaded into the same process can be leveraged to inject unsanitized header values into Axios's outbound requests. Axios itself does not supply the pollution primitive; it is the sink that turns polluted properties into request headers. This vulnerability is fixed in 1.15.0 and 0.31.0.

Metrics

CVSS v3.1: 9.0
Severity: CRITICAL
Fixed in: 1.15.0 (1.x line), 0.31.0 (0.x line)
Affected products: 1


HarborGuard Analysis

Synopsis

This is a header injection vulnerability in the Axios HTTP client library for Node.js and browser environments. An attacker who can reach the affected service over the network, without authentication, can exploit prototype pollution in a third-party dependency loaded alongside Axios to inject unsanitized values into outbound HTTP request headers. The pollution primitive must already exist in that co-loaded dependency, which is why the vector rates attack complexity High. Successful exploitation gives the attacker read access to cloud metadata endpoints reachable from the process (such as AWS IMDSv1), the ability to tamper with outbound requests, and can result in complete compromise of confidentiality, integrity, and availability of affected workloads. A patched-image rebuild at version 1.15.0 (or 0.31.0 for the 0.x line) is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images that bundle Axios as a transitive dependency.

Triage: Available

HarborGuard is capable of scoring this finding at CVSS 9.0 Critical and weighting it against each environment's compliance policy to determine urgency; per-org routing rules direct the alert to the appropriate team inbox automatically.

Patch: Available

A patched-image rebuild at Axios 1.15.0 (or 0.31.0 for the legacy 0.x line) becomes available on HarborGuard once an affected image is identified. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the vulnerable service over the network to trigger the header injection gadget chain.

  • Authentication: Not required

    No credentials or account are needed; the exploit path requires no prior authentication to the target service.

  • Victim interaction: Not required

    No user action is required; the attacker can trigger the vulnerability without any involvement from a human operator or end user.

  • Attack complexity: High

    Exploitation is rated High complexity: the attacker must first obtain a prototype pollution primitive in a dependency loaded alongside Axios before the header injection chain can fire.
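The chain described above, as an added illustrative model that is not axios's source code and not part of this advisory: `mergeHeadersVulnerable` and `mergeHeadersHardened` are hypothetical stand-ins for how an HTTP client might flatten default and per-request headers before writing them to the wire, and `unsafeMerge` stands in for the prototype pollution primitive assumed to live in a co-loaded third-party dependency. The attacker JSON is constructed for the demonstration.

```javascript
// Added illustrative model of the gadget chain (NOT axios's code). Names below
// (mergeHeaders*, unsafeMerge, runChain) are hypothetical.

const CRLF = /[\r\n]/;
// RFC 9110 token characters, the only ones legal in a header field name.
const TOKEN = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;

// Vulnerable shape: for...in also walks inherited enumerable keys, so anything an
// attacker has planted on Object.prototype becomes a header; values are copied verbatim.
function mergeHeadersVulnerable(defaults, perRequest) {
  const out = {};
  for (const k in defaults) out[k] = String(defaults[k]);
  for (const k in perRequest) out[k] = String(perRequest[k]);
  return out;
}

// Hardened shape: own keys only (Object.keys ignores the prototype chain), a
// null-prototype result, and a reject on any name that is not a token or any value
// containing CR/LF (which would split the header line).
function mergeHeadersHardened(defaults, perRequest) {
  const out = Object.create(null);
  for (const src of [defaults, perRequest]) {
    for (const k of Object.keys(src)) {
      if (!TOKEN.test(k)) throw new TypeError(`invalid header name: ${JSON.stringify(k)}`);
      const v = String(src[k]);
      if (CRLF.test(v)) throw new TypeError(`CR/LF in value of header ${k}`);
      out[k] = v;
    }
  }
  return out;
}

// Hypothetical pollution primitive in the "dependency": a recursive merge of
// attacker-controlled JSON with no key filtering. A "__proto__" key walks up into
// Object.prototype and plants properties every plain object then inherits.
function unsafeMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val !== null && typeof val === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Run the chain end to end: pollute via the "dependency", then build headers both
// ways. Object.prototype is cleaned afterwards so the rest of the process is unaffected.
function runChain(attackerJson) {
  const payload = JSON.parse(attackerJson);
  const planted = Object.prototype.hasOwnProperty.call(payload, '__proto__')
    ? Object.keys(payload.__proto__) : [];
  const defaults = { accept: 'application/json' };
  const perRequest = { 'x-request-id': 'req-0001' };
  try {
    unsafeMerge({}, payload);
    return {
      vulnerable: mergeHeadersVulnerable(defaults, perRequest),
      hardened: mergeHeadersHardened(defaults, perRequest),
    };
  } finally {
    for (const k of planted) delete Object.prototype[k];
  }
}

// The value-level check on its own: true when a CR/LF-bearing value is rejected.
function rejectsCrlfValue() {
  try {
    mergeHeadersHardened({}, { 'x-forwarded-host': 'a.example\r\nx-injected: 1' });
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Constructed attacker input: a JSON body the "dependency" merges into its config.
const ATTACKER_JSON = '{"__proto__":{"x-injected":"polluted"}}';
console.log(runChain(ATTACKER_JSON));
```

Running the block prints the vulnerable result carrying `x-injected: polluted` next to a hardened result that contains only the two own headers. Node's own `http` module already throws `ERR_INVALID_CHAR` on CR or LF in a header value, so in practice the damage from this class of bug is extra or overridden whole headers rather than response splitting; the own-key filter, not the CR/LF check, is the control that matters for the prototype pollution path.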

Blast Radius

  • Reads cloud instance metadata, including IAM role credentials from endpoints such as the AWS Instance Metadata Service, enabling credential theft and lateral movement.
  • Modifies outbound HTTP request headers, allowing the attacker to forge authorization headers, override routing logic, or poison downstream services that trust those headers.
  • Disrupts the affected service by injecting malformed headers that cause upstream rejections or connection termination, resulting in availability loss.
  • With Scope: Changed in the CVSS vector, impact extends beyond the vulnerable component itself, meaning a compromised Node.js process can be used as a pivot point to reach other services within the same network trust boundary.

How HarborGuard Handles This

Available on HarborGuard: images containing Axios versions in the affected ranges (>=1.0.0 and <1.15.0, or 0.x builds before 0.31.0) are flagged at CVSS 9.0 Critical as soon as the image is scanned or re-evaluated after CVE ingestion. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the patched version, executes the configured regression suite, and opens a pull request against affected workload manifests; for high and critical severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled.

Where compliance policy or network architecture makes immediate patching impractical, compensating controls worth considering until the image rebuild is promoted include: restricting egress from affected containers so they cannot reach the cloud metadata endpoint (on AWS, 169.254.169.254 and, where IPv6 is enabled, fd00:ec2::254; IMDSv2 uses the same addresses as IMDSv1 and changes only the protocol), auditing third-party dependencies for prototype pollution surfaces, and enforcing IMDSv2 at the instance level (HttpTokens=required with a PUT response hop limit of 1) so that a single injected GET cannot read credentials. These controls reduce the metadata exfiltration risk; they do not remove the header tampering and availability impacts, which only the patched version addresses.
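One way to do the version matching the paragraph above describes against a lockfile, as an added example that is neither HarborGuard's scanner nor axios project code: the function walks the `packages` map of a lockfileVersion 2/3 `package-lock.json`, picks up every nested (transitive) copy of axios, and applies this page's affected ranges, treating a pre-release of an upper bound (for example 1.15.0-beta.1) as still affected. The lockfile below is a constructed sample; lockfileVersion 1 files (a nested `dependencies` tree) are out of scope.

```javascript
// Added example: flag affected axios versions in a package-lock.json (v2/v3 format).
// Not HarborGuard's or axios's code; ranges are the ones listed on this page.

// Affected ranges: >=1.0.0 <1.15.0 on the 1.x line, <0.31.0 on the 0.x line.
const AFFECTED_RANGES = [
  { min: '1.0.0', max: '1.15.0' },
  { min: '0.0.0', max: '0.31.0' },
];

// Parse "X.Y.Z", optional "-prerelease" and "+build"; reject anything else loudly
// rather than silently skipping it.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new TypeError(`not a semver string: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

function cmpCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when the version falls in any affected range. A pre-release whose core equals
// the upper bound (1.15.0-beta.1) sorts below the fixed release, so it is affected.
function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.some(({ min, max }) => {
    const lo = parseVersion(min).core;
    const hi = parseVersion(max).core;
    const belowMax = cmpCore(v.core, hi) < 0 || (v.pre !== null && cmpCore(v.core, hi) === 0);
    return cmpCore(v.core, lo) >= 0 && belowMax;
  });
}

// Walk every "packages" entry whose path ends in node_modules/axios (root copy or a
// nested copy under another package) and return the affected ones.
function findAffectedAxios(lock) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue;   // excludes axios-retry etc.
    if (!meta || typeof meta.version !== 'string') continue;  // workspace links carry no version
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  }
  return hits.filter((h) => h.affected);
}

// Constructed sample lockfile, not from a real project.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.0' },
    'node_modules/legacy-sdk': { version: '2.0.0', dependencies: { axios: '^0.30.0' } },
    'node_modules/legacy-sdk/node_modules/axios': { version: '0.30.0' },
    'node_modules/fresh-sdk/node_modules/axios': { version: '1.15.0' },
    'node_modules/other-sdk/node_modules/axios': { version: '0.31.0' },
    'node_modules/canary-sdk/node_modules/axios': { version: '1.15.0-beta.1' },
    'node_modules/axios-retry': { version: '4.0.0' },
  },
};

console.log(findAffectedAxios(SAMPLE_LOCK));
```

For a real repository, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the path of each hit tells you which parent package pins the old copy, which is what has to be bumped for the rebuild to actually remove it.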


Fix available

1.15.0 (1.x line), 0.31.0 (0.x line)
Affected packages
  • axios / axios
    >= 1.0.0, < 1.15.0 · < 0.31.0
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H