Axios fixes proxy bypass flaws and prototype pollution MITM risk
Axios released fixes for two newly disclosed vulnerabilities, CVE-2026-44492 and CVE-2026-44494, affecting its widely used HTTP client for Node.js. The first bug stems from improper normalization of IPv4-mapped IPv6 addresses in shouldBypassProxy, allowing crafted URLs to evade local proxy exclusion logic and potentially reach sensitive targets such as cloud instance metadata services. The second issue is a prototype pollution gadget in Axios’s backend file adapter that can turn existing Object.prototype pollution elsewhere in an application into a man-in-the-middle condition on outbound HTTP requests, exposing or altering traffic and potentially leaking cleartext authentication cookies. Maintainers urged users to upgrade to Axios 1.16.0 or 0.32.0.
The fixes follow earlier Axios proxy-handling problems, including CVE-2026-42043, which bypassed a prior SSRF-related patch by exploiting Axios’s incomplete loopback validation. Researchers showed that Axios treated only localhost, 127.0.0.1, and ::1 as loopback, even though the full 127.0.0.0/8 range is reserved for loopback under RFC 1122, allowing addresses such as 127.0.0.2 to be forwarded through attacker-controlled proxies. That flaw, which could expose internal services, admin interfaces, Docker-bound endpoints, and cloud credential services, was previously fixed in Axios 1.15.1 and 0.31.1, underscoring continuing security concerns around proxy bypass and request-handling logic in the library.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Axios releases fixes for CVE-2026-44492 and CVE-2026-44494
Axios released patches for two vulnerabilities: CVE-2026-44492, a proxy bypass caused by improper normalization of IPv4-mapped IPv6 addresses, and CVE-2026-44494, a prototype pollution gadget in the backend file adapter. Maintainers advised users to upgrade to versions 1.16.0 or 0.32.0.
React Router patches CVE-2026-42211 in version 7.14.2
React Router fixed CVE-2026-42211 in version 7.14.2. The flaw involved insecure deserialization in the vendored turbo-stream v2 logic used by the single-fetch feature in Framework Mode.
GitHub Security Advisories receives CVE-2026-42211
A new React Router vulnerability, CVE-2026-42211, was received by GitHub Security Advisories on 2026-06-02. The issue affects React Router 7.0.0 through 7.14.1 in Framework Mode and can enable arbitrary constructor invocation during deserialization.
Axios fixes CVE-2026-42043 in versions 1.15.1 and 0.31.1
Axios addressed CVE-2026-42043 by fixing loopback handling in versions 1.15.1 and 0.31.1. The issue concerned incomplete validation of the full 127.0.0.0/8 loopback range.
Axios bypass of prior NO_PROXY fix is reported as CVE-2026-42043
Researchers Sachin Patil and Amol reported CVE-2026-42043, showing Axios's earlier SSRF-related NO_PROXY patch could be bypassed because it recognized only localhost, 127.0.0.1, and ::1 as loopback addresses. They demonstrated that alternate 127.x.x.x addresses could still be sent through an attacker-controlled proxy.
Axios fixes stale Proxy-Authorization header leak on redirects
Axios committed a fix and added tests to ensure stale Proxy-Authorization headers are cleared when redirects no longer use a proxy, when NO_PROXY bypasses an environment-derived proxy, or when a redirect switches to a different proxy. The change is tied to advisory GHSA-j5f8-grm9-p9fc and also hardens related header-handling behavior across header casing variations.
Sources
Axios Proxy Vulnerabilities & Prototype Pollution Gadget (securityonline.info)
CVE-2026-42211: Remote Code Execution via Insecure Deserialization in React Router Framework Mode, CVEReports (cvereports.com)
CVE-2026-42211: React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE (cvefeed.io)
Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection, advisory, axios/axios (github.com)
Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter, advisory, axios/axios (github.com)
How We Bypassed an Axios Security Patch (CVE-2026-42043): The 16-Million IP Loophole, by Sachin Patil, InfoSec Write-ups, May 2026 (infosecwriteups.com)
Release v0.32.0, axios/axios (github.com)
fix: clear stale header on redirect when target is no-proxy (#10794), axios/axios@afca61a (github.com)


