Critical (10.0)

Axios Prototype Pollution leads to RCE (CVE-2026-40175)

CVE-2026-40175

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-part...

Overview

A critical vulnerability (CVE-2026-40175) in the Axios HTTP client library for Node.js and browsers allows a specific “gadget” attack chain. This flaw enables an attacker to escalate a Prototype Pollution vulnerability in any other library used by the application into full Remote Code Execution (RCE) or cloud compromise.

Technical Details

Axios versions prior to 1.15.0 contain a dangerous code pattern. If a separate Prototype Pollution vulnerability exists elsewhere in the application’s dependency chain, an attacker can use Axios as a “gadget” to chain these flaws. This chaining transforms a lower-severity pollution issue into a high-impact exploit. The attack is network-based, requires no user interaction or special privileges, and has low complexity, leading to its maximum CVSS score of 10.0.

A particularly severe outcome of this chain is the potential for a full AWS cloud compromise. By exploiting this flaw, an attacker could bypass the Instance Metadata Service v2 (IMDSv2) security controls on cloud instances, granting them access to sensitive cloud credentials and permissions.

Impact

The impact is severe for any application using a vulnerable version of Axios alongside a library with a Prototype Pollution bug. Successful exploitation grants an attacker the ability to execute arbitrary code on the server with the same permissions as the Node.js application process. This can lead to complete system takeover, data theft, and, in cloud environments, lateral movement to compromise the entire cloud account and its resources.

Remediation and Mitigation

The primary and only complete mitigation is to upgrade the Axios library to version 1.15.0 or later. This version contains the necessary fix to break the gadget chain.

Immediate Actions:

  1. Update Axios: Run npm update axios or yarn upgrade axios to ensure version 1.15.0+ is installed.
  2. Audit Dependencies: Review your application’s dependency tree for other known Prototype Pollution vulnerabilities, as these are the required entry point for this attack chain. Use tools like npm audit or software composition analysis (SCA) scanners.
  3. Restrict Network Access: For applications running in cloud environments like AWS, ensure that instance metadata service (IMDS) access is restricted according to the principle of least privilege. This can limit the impact of a successful IMDSv2 bypass.
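A defender's check for step 1, added here as an example and not part of this advisory: walk an npm lockfile and flag every copy of axios below the fixed release 1.15.0, including nested copies pinned by a transitive dependency, which a plain npm update axios can leave behind. The lockfile object is constructed sample data.

```javascript
// Added example (not from the advisory): audit an npm lockfile for copies of
// axios older than the fixed release 1.15.0, including nested/transitive copies.
// The lockfile object below is constructed sample data, not a real project's file.

const FIXED_AXIOS = "1.15.0"; // fixed version named in the advisory

// Compare two dotted versions numerically; pre-release tags are stripped.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk a package-lock.json object (lockfileVersion 2 or 3, "packages" map)
// and return every install path where axios resolves to a vulnerable version.
function findVulnerableAxios(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/axios" or "node_modules/foo/node_modules/axios".
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue;
    if (compareVersions(meta.version, FIXED_AXIOS) < 0) {
      findings.push({ path, version: meta.version });
    }
  }
  return findings;
}

// Constructed sample lockfile: the top-level axios is fixed, but a transitive
// dependency pins an older copy that a top-level update alone may not touch.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.15.0" },
    "node_modules/some-sdk": { version: "2.3.1" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.7.9" },
    "node_modules/axios-retry": { version: "4.0.0" },
  },
};

for (const f of findVulnerableAxios(sampleLock)) {
  console.log(`vulnerable axios ${f.version} at ${f.path}`);
}
```

In a real audit, replace sampleLock with the parsed contents of the project's package-lock.json.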

Security Insight

This vulnerability underscores the escalating risk of “gadget” attacks in modern software ecosystems, where a seemingly benign library can become a critical link in an exploit chain. Similar to the risks posed by deserialization gadgets in frameworks like LangChain, it highlights that an application’s overall security is only as strong as the weakest interaction between its dependencies. It serves as a stark reminder for developers to treat all third-party code, especially ubiquitous utilities like HTTP clients, as potential attack surface.
