SB20260424169 - Multiple vulnerabilities in axios
Published: April 24, 2026
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Permissive List of Allowed Inputs (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass proxy restrictions and disclose sensitive information.
The vulnerability exists due to a permissive list of allowed inputs in lib/helpers/shouldBypassProxy.js when processing Axios requests to loopback addresses in the 127.0.0.0/8 range. A remote attacker can influence the target URL to bypass proxy restrictions and disclose sensitive information.
Exploitation requires the application to use proxy environment variables and rely on NO_PROXY rules to protect loopback services.
2) Prototype pollution (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass application-level authentication checks and suppress HTTP error handling.
The vulnerability exists due to improperly controlled modification of object prototype attributes ('prototype pollution') in lib/core/mergeConfig.js and lib/core/settle.js when merging request configuration after Object.prototype has been polluted with a crafted validateStatus property. A remote attacker can pollute Object.prototype.validateStatus with a function that always returns true to bypass application-level authentication checks and suppress HTTP error handling.
Exploitation requires chaining with an existing prototype pollution condition elsewhere in the application stack.
3) Permissive List of Allowed Inputs (CVE-ID: N/A)
The vulnerability allows a remote attacker to disclose sensitive information and bypass CSRF protections.
The vulnerability exists due to a permissive list of allowed inputs in lib/helpers/resolveConfig.js when processing the withXSRFToken config property during browser requests. A remote attacker can pollute Object.prototype.withXSRFToken with a truthy non-boolean value, or rely on a misconfigured truthy non-boolean value, to disclose sensitive information and bypass CSRF protections.
User interaction is required, and the issue affects browser environments where the XSRF logic runs only when hasStandardBrowserEnv is true.
4) Null Byte Interaction Error (Poison Null Byte) (CVE-ID: N/A)
The vulnerability allows a remote attacker to inject raw null bytes into serialized URL query parameters.
The vulnerability exists due to a null byte interaction error in the encode() function of lib/helpers/AxiosURLSearchParams.js when serializing parameters through AxiosURLSearchParams.toString() without an encoder, or through custom paramsSerializer delegation. A remote attacker can supply crafted input containing null bytes to inject raw null bytes into serialized URL query parameters.
The standard axios request flow using buildURL is not affected, and exploitation is limited to direct AxiosURLSearchParams usage or custom serializer paths that delegate to the internal encoder.
5) Uncontrolled Recursion (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in toFormData in lib/helpers/toFormData.js when processing deeply nested request data or params objects. A remote attacker can send a deeply nested object to cause a denial of service.
The issue can be reached in server-side code that forwards client-controlled objects into axios request data or params, and may terminate the running request handler or process with a RangeError.
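The defensive counterpart to item 5 is to bound the nesting depth of client-controlled objects before they reach a serializer that walks them recursively. The following is an added example and not axios code; the limit of 32 levels is an assumed value, and the traversal is iterative so that the guard cannot itself overflow the call stack it protects.

```javascript
// Added example (not axios code): bound the nesting depth of a client-supplied
// object before passing it as request data or params to an HTTP client.

const DEFAULT_MAX_DEPTH = 32; // assumed limit; choose one that fits the API's real payloads

// Only plain objects and arrays are descended into; Buffers, Dates, class
// instances and other exotic objects are treated as leaves.
function isNestable(value) {
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) return true;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Returns the nesting depth of `value` (0 for a scalar, 1 for a flat object or
// array). Returns Infinity as soon as `maxDepth` is exceeded, which also covers
// cyclic objects, since their depth is unbounded. The walk uses an explicit
// stack rather than recursion so that it cannot hit the stack limit itself.
function measureDepth(value, maxDepth = DEFAULT_MAX_DEPTH) {
  if (!isNestable(value)) return 0;
  const stack = [{ node: value, depth: 1 }];
  let deepest = 0;
  while (stack.length > 0) {
    const { node, depth } = stack.pop();
    if (depth > maxDepth) return Infinity;
    if (depth > deepest) deepest = depth;
    const children = Array.isArray(node) ? node : Object.values(node);
    for (const child of children) {
      if (isNestable(child)) stack.push({ node: child, depth: depth + 1 });
    }
  }
  return deepest;
}

// Rejects a hostile payload up front instead of letting a recursive serializer
// terminate the request handler with a RangeError.
function assertBoundedDepth(value, maxDepth = DEFAULT_MAX_DEPTH) {
  if (measureDepth(value, maxDepth) > maxDepth) {
    throw new Error(`payload nesting exceeds ${maxDepth} levels`);
  }
  return value;
}

// Constructed input for the demonstration: `levels` objects nested one inside
// the other, built iteratively so that constructing it is itself safe.
function buildNested(levels) {
  let obj = {};
  for (let i = 0; i < levels; i += 1) obj = { child: obj };
  return obj;
}
```

In a request handler, call `assertBoundedDepth(req.body)` before `axios.post(url, req.body)`; the check is linear in the number of nested containers and stops as soon as the limit is crossed, so a deeply nested payload is refused cheaply.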
6) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in shouldBypassProxy() when processing URLs against no_proxy rules. A remote attacker can supply a URL using an IP alias instead of the hostname to disclose sensitive information.
In server-side environments, requests intended to bypass proxies can instead be routed through an attacker-controlled proxy. This can affect access to internal or cloud metadata services.
7) CRLF injection (CVE-ID: N/A)
The vulnerability allows a remote attacker to inject arbitrary multipart part headers.
The vulnerability exists due to improper neutralization of CRLF sequences in the FormDataPart constructor in lib/helpers/formDataToStream.js when processing Blob/File-like object MIME types during multipart form-data generation. A remote attacker can supply a specially crafted blob.type value to inject arbitrary multipart part headers.
This issue is reachable through the public axios FormData posting API in Node.js environments that accept attacker-controlled file metadata and relay it downstream.
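Items 4 and 7 share a root cause: a value that will be embedded into a structured text format (a URL query string, a multipart part header) is passed through without rejecting the control characters that have meaning in that format. The following added example, which is not axios code, shows the input validation an application can apply at its own boundary before handing file metadata or query parameters to any HTTP client; the MIME grammar is a deliberately conservative assumption, stricter than the RFC 6838 token syntax.

```javascript
// Added example (not axios code): refuse NUL, CR and LF before a value is
// embedded into a URL query string or a multipart part header.

const NUL_OR_CRLF = /[\0\r\n]/;

// Conservative MIME type grammar (an assumption, stricter than RFC 6838):
// type/subtype made of token characters, optionally followed by
// `; name=value` parameters that are also plain tokens.
const MIME_TYPE =
  /^[A-Za-z0-9!#$&^_.+-]+\/[A-Za-z0-9!#$&^_.+-]+(?:\s*;\s*[A-Za-z0-9!#$&^_.+-]+=[A-Za-z0-9!#$&^_.+-]+)*$/;

function hasForbiddenControlChar(value) {
  return NUL_OR_CRLF.test(String(value));
}

// Validates a Blob/File `type` before it is used to build a multipart part's
// Content-Type header. Returns the value unchanged or throws; it never tries
// to "clean" the value, because a stripped header is still a surprise downstream.
function validateMimeType(type) {
  if (typeof type !== 'string' || hasForbiddenControlChar(type) || !MIME_TYPE.test(type)) {
    throw new TypeError(`unsafe MIME type: ${JSON.stringify(type)}`);
  }
  return type;
}

// Serializes query parameters with the platform encoder (URLSearchParams
// percent-encodes every control character) after refusing any key or value
// that carries a NUL byte or a line break.
function buildQuery(params) {
  const out = new URLSearchParams();
  for (const [key, value] of Object.entries(params)) {
    if (hasForbiddenControlChar(key) || hasForbiddenControlChar(value)) {
      throw new TypeError(`control character in query parameter ${JSON.stringify(key)}`);
    }
    out.append(key, String(value));
  }
  return out.toString();
}
```

`validateMimeType(file.type)` belongs wherever an uploaded file's metadata is accepted from a client and later relayed; `buildQuery` is the shape of a custom paramsSerializer that rejects rather than forwards raw control bytes.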
8) Allocation of Resources Without Limits or Throttling (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the HTTP adapter streamed response handling when processing responses with responseType: 'stream' and enforcing maxContentLength. A remote attacker can send a specially crafted oversized response to cause a denial of service.
The issue affects Node.js applications that rely on maxContentLength as a safety boundary while using streamed Axios responses.
9) Allocation of Resources Without Limits or Throttling (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the HTTP adapter native http/https transport path when sending streamed request bodies with maxRedirects set to 0. A remote attacker can send an oversized streamed upload to cause a denial of service.
The issue affects only stream request bodies; buffered request bodies and requests using default or nonzero redirect handling follow different enforcement paths.
10) Prototype pollution (CVE-ID: N/A)
The vulnerability allows a remote attacker to tamper with JSON responses and disclose sensitive information.
The vulnerability exists due to prototype pollution in parseReviver handling in the transformResponse functionality when processing JSON responses in a process where Object.prototype has been polluted by a co-dependency. A remote attacker can pollute Object.prototype.parseReviver to tamper with JSON responses and disclose sensitive information.
This issue affects the parseReviver gadget and requires a separate source of prototype pollution in the same process.
11) Prototype pollution (CVE-ID: N/A)
The vulnerability allows a remote attacker to hijack outbound HTTP requests and disclose sensitive information.
The vulnerability exists due to prototype pollution in the Node.js http adapter transport handling when processing requests in a process where Object.prototype has been polluted by a co-dependency. A remote attacker can pollute Object.prototype.transport to hijack outbound HTTP requests and disclose sensitive information.
This issue affects the transport gadget in the Node.js http adapter only and requires a separate source of prototype pollution in the same process.
12) Prototype pollution (CVE-ID: N/A)
The vulnerability allows a remote attacker to tamper with requests or responses and disclose sensitive information.
The vulnerability exists due to prototype pollution in mergeConfig handling of transformRequest and transformResponse when reading inherited config values from a polluted Object.prototype. A remote attacker can pollute Object.prototype.transformRequest or Object.prototype.transformResponse to tamper with requests or responses and disclose sensitive information.
This gadget requires a discriminator because the polluted function is also reached during option validation.
13) HTTP response splitting (CVE-ID: N/A)
The vulnerability allows a remote attacker to inject arbitrary HTTP headers into outgoing requests.
The vulnerability exists due to improper neutralization of CRLF sequences in HTTP headers in lib/adapters/http.js when processing data payloads in HTTP requests after a polluted object prototype causes plain objects to be treated as FormData instances. A remote attacker can pollute Object.prototype so that an attacker-controlled getHeaders() function is invoked to inject arbitrary HTTP headers into outgoing requests.
Exploitation requires a prototype pollution primitive somewhere in the application's dependency chain, and the application must use Axios to send requests with a data payload, such as POST, PUT, or PATCH.
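Items 2, 3, 10, 11, 12 and 13 are all "gadgets": code that reads a configuration value through the prototype chain, so a separate prototype pollution source anywhere in the process can supply it. The added example below is not axios code; it shows the two defensive habits that close this class of gadget in an application's own code, reading options from own properties only (with strict type checks, which also covers the truthy non-boolean withXSRFToken case) and auditing the live Object.prototype for the gadget keys named in this bulletin. The demonstration uses a private stand-in prototype so that it never pollutes the real global one.

```javascript
// Added example (not axios code): consult own properties only when reading
// options, and audit Object.prototype for the gadget keys this bulletin names.

const GADGET_KEYS = [
  'validateStatus', 'withXSRFToken', 'parseReviver', 'transport',
  'transformRequest', 'transformResponse', 'getHeaders',
];

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns config[key] only if it is an own property; inherited values, which
// is where a polluted prototype would supply them, are ignored.
function ownOption(config, key, fallback) {
  return hasOwn(config, key) ? config[key] : fallback;
}

// Boolean options must be the literal `true`; 'yes', 1 or {} do not count.
function ownBoolean(config, key) {
  return ownOption(config, key, false) === true;
}

// Safe default mirrors the usual 2xx rule; an inherited or non-function
// validateStatus never replaces it.
function resolveValidateStatus(config) {
  const fn = ownOption(config, 'validateStatus', undefined);
  return typeof fn === 'function' ? fn : (status) => status >= 200 && status < 300;
}

// Lists which of `keys` exist as own properties on `proto` (default: the real
// Object.prototype). A non-empty result at startup or in a health check is a
// strong signal that some dependency has already polluted the process.
function auditPrototype(keys = GADGET_KEYS, proto = Object.prototype) {
  return keys.filter((key) => hasOwn(proto, key));
}

// Optional hardening: freeze Object.prototype once, before loading dependencies.
// Test this in staging first, since libraries that patch the prototype will break.
function hardenPrototype() {
  Object.freeze(Object.prototype);
}

// Constructed demonstration: a private prototype stands in for a polluted
// Object.prototype so the real global object is left untouched.
function demo() {
  const polluted = Object.create(Object.prototype);
  polluted.validateStatus = () => true;   // gadget from item 2
  polluted.withXSRFToken = 'yes';         // truthy non-boolean from item 3
  const config = Object.create(polluted);
  config.url = 'https://example.invalid/api'; // placeholder URL
  return {
    naiveAccepts500: config.validateStatus(500),            // true: inherited gadget reached
    guardedAccepts500: resolveValidateStatus(config)(500),  // false: default rule used
    naiveXsrf: Boolean(config.withXSRFToken),               // true
    guardedXsrf: ownBoolean(config, 'withXSRFToken'),       // false
    pollutedKeys: auditPrototype(GADGET_KEYS, polluted),    // ['validateStatus', 'withXSRFToken']
  };
}
```

The same own-property discipline applies to any option a library reads from a user-supplied config object; `auditPrototype()` is cheap enough to run at process start and on a periodic health endpoint, and a non-empty result is worth alerting on because it means the pollution source is already present, whichever gadget it ends up reaching.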
Remediation
Install the update from the vendor's website.
References
- https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7
- https://github.com/advisories/GHSA-pmwg-cvhr-8vh7
- https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63
- https://github.com/advisories/GHSA-w9j2-pvgh-6h63
- https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c
- https://github.com/advisories/GHSA-xx6v-rp6x-q39c
- https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw
- https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9
- https://github.com/advisories/GHSA-62hf-57xw-28j9
- https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm
- https://github.com/advisories/GHSA-m7pr-hjqh-92cm
- https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77
- https://github.com/advisories/GHSA-445q-vr5w-6q77
- https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99
- https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx
- https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf
- https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9