Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
7Blast Radius
ecosystem impact- 273 npm packages depend on axios (189 direct, 84 indirect)
Ecosystem-wide dependent count for version 1.0.0.
DescriptionGitHub Advisory
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself - any prototype pollution primitive in any dependency in the application's dependency tree is sufficient to trigger this gadget. This vulnerability is fixed in 1.15.1 and 0.31.1.
AnalysisAI
Prototype pollution in Axios 1.x (prior to 1.15.1) and 0.x (prior to 0.31.1) enables HTTP header injection attacks when any dependency in the application pollutes Object.prototype with specific properties (getHeaders, append, pipe, on, once, Symbol.toStringTag). Attackers exploit the HTTP adapter's duck-type checking to inject arbitrary headers into outbound HTTP requests, potentially leading to authentication bypass, session hijacking, or cache poisoning. EPSS data unavailable; no confirmed active exploitation (CISA KEV) at time of analysis. Publicly available exploit code exists per vendor advisory GHSA-6chq-wfr3-2hj9.
Technical ContextAI
Axios is a widely-used promise-based HTTP client for browser and Node.js environments. This vulnerability (CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers) resides in lib/adapters/http.js, which handles Node.js HTTP/HTTPS requests. The code performs duck-type checking to identify FormData payloads by testing for specific methods and properties. When Object.prototype is polluted with getHeaders (function), append, pipe, on, once (functions), and Symbol.toStringTag (value), Axios misidentifies plain JavaScript objects as FormData instances. The vulnerable adapter then calls the attacker-controlled getHeaders() function and merges returned values into the outgoing request's headers object. This is a gadget vulnerability-the prototype pollution primitive can originate from any library in the dependency chain (lodash, jQuery, etc.), not Axios itself. The attack surface includes any Node.js application using vulnerable Axios versions where prototype pollution exists anywhere in the dependency tree.
RemediationAI
Upgrade to Axios 1.15.1 or later for 1.x users, or 0.31.1 or later for 0.x users. Vendor-released patches available via npm (npm update axios) or yarn (yarn upgrade axios). Consult vendor advisory at https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9 for migration guidance. If immediate upgrade is not feasible, implement defense-in-depth prototype pollution protections: freeze Object.prototype using Object.freeze(Object.prototype) at application bootstrap (side effect: breaks libraries relying on prototype extension), use --frozen-intrinsics flag in Node.js 20+ (performance overhead ~5-10%), or implement Content-Security-Policy headers and input validation to block known pollution vectors (reduces but does not eliminate risk). Additionally, audit dependency tree for known prototype pollution vulnerabilities using npm audit or Snyk, and prioritize remediation of pollution primitives that serve as prerequisites for this gadget. Note that mitigating pollution sources eliminates the attack prerequisite but does not fix the Axios gadget itself.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-113 – HTTP Response Splitting
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25589
GHSA-6chq-wfr3-2hj9