Axios is one of the world’s most popular HTTP clients for JavaScript. Used widely in browsers and Node.js projects, it’s trusted by huge numbers of developers and found in everything from website frontends to backend cloud functions.

But before version 1.15., Axios had a severe security issue:

> An attacker can use a Prototype Pollution bug *anywhere* in your dependencies as a “gadget,” which then lets them use Axios to escalate their access, eventually leading to Remote Code Execution (RCE) or even total cloud account takeover (think: access to your AWS EC2 secrets via IMDSv2 bypass).

This is tracked as CVE-2026-40175, and it’s extremely serious if you’re using any version below 1.15.—even if your own code isn’t directly vulnerable to Prototype Pollution!

Below, we break down how the exploit works, show example code, discuss the cloud compromise step, and show what you need to do to stay safe.

What’s a "Gadget Attack Chain"?

In security, a "gadget" is a piece of existing code that an attacker can repurpose once they have an initial foothold, such as Prototype Pollution. If any deep dependency of yours is vulnerable to pollution, and the attacker can control some input, they can often manipulate sensitive properties (like constructor or __proto__) that libraries, including Axios, don't fully protect against. That lets them step up to worse attacks.

What changed in Axios 1.15.?

Prior to Axios 1.15., the library did not sufficiently sanitize the objects it worked with. Because of this, if *any* object passed to Axios was polluted (e.g. via myObj.__proto__.env = ...), the pollution reached *all* objects, changing behavior library-wide.

The attacker's typical chain looked something like this:

1. Exploit some other vulnerable library to inject bad properties into the JavaScript object prototype (Object.prototype).

2. These polluted properties ("gadgets") sneak into Axios request configs.

3. Axios, when executing, typically merges configs using Object.assign() or equivalent. Polluted properties can manipulate the HTTP request or even cause code execution, e.g. by altering prototype chain lookups for critical methods.

Suppose your app, or some included dependency, lets an attacker run this:

```javascript
// Attacker-controlled JSON reaches a vulnerable recursive merge somewhere in the
// dependency tree. JSON.parse on its own only creates an own "__proto__" key on the
// parsed object; it is the unsafe merge that copies the payload onto Object.prototype.
const polluted = JSON.parse('{"__proto__":{"env":{"AWS_ACCESS_KEY_ID":"stealthis"}}}');
vulnerableDeepMerge({}, polluted); // hypothetical unsafe merge in a dependency (not shown)

// Every plain object now inherits the polluted property.
console.log(({}).env.AWS_ACCESS_KEY_ID); // "stealthis" (from the prototype chain, not from *your* process.env!)
```

Now, Axios uses that object or merges with it:

```javascript
const axios = require('axios');
axios.get('https://example.com/secret', polluted);
```

If Axios or its dependencies are not careful to deep-clone or validate input, attributes on the prototype can control request headers, payload, or even change how Axios parses responses—sometimes leading to code execution through manipulation of critical options.

IMDSv2 Bypass for Cloud Takeover

Amazon’s EC2 Instance Metadata Service (IMDSv2) is supposed to prevent attackers from hijacking access tokens just by making requests from a compromised server. But attackers can use polluted objects passed through Axios to *bypass* IMDSv2 restrictions. Axios trusts the polluted property and sends internal HTTP requests to IMDS, leaking AWS credentials or tokens.

Here's a minimal prototype pollution and Axios exploit for illustration:

```javascript
// A vulnerable module or feature lets the attacker inject '__proto__'.
let userInput = '{"__proto__":{"Authorization":"Bearer attacktoken"}}';
// Hypothetical unsafe recursive merge in a dependency; this is what pollutes
// Object.prototype (a plain Object.assign on its own would not reach it).
vulnerableDeepMerge({}, JSON.parse(userInput));

const axios = require('axios');

// Later, normal code somewhere:
axios.get('http://169.254.169.254/latest/meta-data/', { headers: {} });
// Because of the pollution, every later axios request has an 'Authorization: Bearer attacktoken' header injected!
```

This header can be used to bypass IMDSv2 protections and fetch AWS credentials.

How Was It Fixed?

Axios 1.15. introduced hardening to protect against __proto__ and similar keys, preventing prototype pollution in request objects from leaking into Axios internals.


What You Need to Do

1. Upgrade Axios. In your package.json:

```json
"dependencies": {
  "axios": "^1.15."
}
```

2. Check your indirect dependencies!

Use tools like npm ls axios to make sure no sub-dependencies are still pulling in old versions.

3. For extra safety: Review your codebase for any untrusted JSON that gets merged into objects then passed to Axios or other critical libraries.

Final Words

This bug is a classic case of “vulnerability amplification”—a seemingly low-impact bug (Prototype Pollution in some random library you use) becomes way worse by combining with gadget code paths in other libraries like Axios. That’s why keeping all dependencies up to date is critical for modern JavaScript apps.

If you use Axios before 1.15.—whether directly or via a third party—your server or cloud function could be wide open to remote code execution or total AWS credential theft.

Upgrade today, and consider running a security audit using tools like npm audit or Snyk.

References

- Axios v1.15. Release Notes (GitHub)
- CVE Record for CVE-2026-40175
- OWASP Prototype Pollution
- AWS IMDSv2 and Security Best Practices
- Snyk - Prototype Pollution in Node.js

> Always keep dependencies up to date, and beware of silent, chained attacks like this. Patch Axios now!

Timeline

Published on: 04/10/2026 19:23:52 UTC
Last modified on: 04/10/2026 20:16:22 UTC