Axios: Nine CVEs Disclosed Together — Prototype Pollution, Proxy Leaks, and Bypasses Fixed in 1.16.0

Key findings
- Nine CVEs disclosed together on June 11, 2026, covering prototype pollution, proxy-credential leaks, and security-control bypasses
- CVE-2026-44494 (CVSS 8.7) shows how a prototype-pollution gadget can be escalated into a full MITM attack
- Two proxy-credential leaks (CVE-2026-44486, CVE-2026-44487) expose Proxy-Authorization headers to redirect targets
- CVE-2026-44492 bypasses NO_PROXY rules via IPv4-mapped IPv6 addresses, potentially exposing internal services
- All flaws are fixed in Axios 0.32.0 and 1.16.0; no workarounds available for most issues
On June 11, 2026, the Axios maintainers disclosed nine security vulnerabilities affecting the popular promise-based HTTP client for browser and Node.js. The batch — spanning versions on both the 0.x and 1.x release lines — clusters around three themes: prototype-pollution gadgets, proxy-credential leaks, and bypasses of security controls. All nine flaws are addressed in Axios 0.32.0 (0.x line) and 1.16.0 (1.x line), and users are strongly advised to upgrade immediately.
Prototype-Pollution Gadgets and Escalation
Four of the disclosed CVEs involve prototype pollution, a class of bugs where an attacker injects properties into Object.prototype (usually through a vulnerable deep-merge or path-set routine somewhere else in the application) and those properties then flow into security-sensitive code paths. In these reports Axios is not the injection point; it is the gadget, the code that reads an inherited, polluted value and acts on it. CVE-2026-44495 (CVSS 7.0) describes prototype-pollution gadgets in request-config processing that affect Axios 0.19.0 through 0.31.1 and 1.15.2: if another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, Axios may pick up the tainted value and propagate it. CVE-2026-44490 (CVSS 4.8) exposes two read-side gadgets that silently pick up polluted values when an upstream dependency (for example lodash's _.merge, CVE-2018-16487) has already corrupted Object.prototype.
More critically, CVE-2026-44494 (CVSS 8.7) demonstrates that a prototype-pollution gadget in Axios can be escalated into a full Man-in-the-Middle (MITM) position, intercepting and potentially modifying HTTP traffic, when combined with any other prototype-pollution flaw in the application's dependency tree. This affects Axios 1.0.0 through 1.15.x. Finally, CVE-2026-44489 (CVSS 3.7) notes that nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Object.prototype in their chain, so setProxy() reads polluted proxy.username and proxy.password values whenever the caller set neither.
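The gadget pattern described above, reduced to a runnable illustration. This is an added example and not code from the Axios project: a vulnerable deep merge elsewhere in the process (a stand-in for the upstream bug) pollutes Object.prototype from attacker-controlled JSON, a plain-object merge in the style the advisory attributes to utils.merge() then yields a config.proxy that inherits from Object.prototype, and a credential reader picks up the polluted username and password. The hardened variants build null-prototype containers and read own properties only. All function names (vulnerableDeepMerge, mergePlain, mergeHardened, proxyCredentialsUnsafe, proxyCredentialsHardened, own, demo) and the sample JSON are constructed for this example.

```javascript
// Added example (not Axios project code). All names below are hypothetical.

// Stand-in for a vulnerable deep merge elsewhere in the dependency tree:
// it recurses into existing properties, so a "__proto__" key in attacker
// JSON walks into Object.prototype and sets properties on it.
function vulnerableDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (val && typeof val === 'object' && target[key] && typeof target[key] === 'object') {
      vulnerableDeepMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Gadget side, plain variant: nested objects are created as {} and so
// inherit from Object.prototype, including anything polluted into it.
function mergePlain(...sources) {
  const result = {};
  for (const src of sources) {
    if (!src) continue;
    for (const key of Object.keys(src)) {
      const val = src[key];
      if (val && typeof val === 'object' && !Array.isArray(val)) {
        result[key] = mergePlain(result[key], val);
      } else {
        result[key] = val;
      }
    }
  }
  return result;
}

// Reads proxy credentials off whatever the prototype chain offers.
function proxyCredentialsUnsafe(config) {
  const proxy = config.proxy || {};
  return proxy.username ? `${proxy.username}:${proxy.password}` : null;
}

// Hardened merge: null-prototype containers, prototype-shaped keys skipped.
function mergeHardened(...sources) {
  const result = Object.create(null);
  for (const src of sources) {
    if (!src) continue;
    for (const key of Object.keys(src)) {
      if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue;
      const val = src[key];
      if (val && typeof val === 'object' && !Array.isArray(val)) {
        result[key] = mergeHardened(result[key], val);
      } else {
        result[key] = val;
      }
    }
  }
  return result;
}

// Own-property read: inherited (possibly polluted) values are ignored.
function own(obj, key) {
  return obj != null && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

function proxyCredentialsHardened(config) {
  const proxy = own(config, 'proxy');
  const user = own(proxy, 'username');
  return user ? `${user}:${own(proxy, 'password')}` : null;
}

// Run the chain: pollute, then read the same user config through both paths.
// Object.prototype is restored afterwards so the process is left clean.
function demo() {
  // Constructed attacker input reaching the vulnerable merge.
  const attackerJson = '{"__proto__":{"username":"attacker","password":"hunter2"}}';
  vulnerableDeepMerge({}, JSON.parse(attackerJson));
  try {
    // The caller configured a proxy host but no credentials.
    const userConfig = { url: 'https://example.test/', proxy: { host: 'proxy.example', port: 3128 } };
    return {
      polluted: Object.prototype.username === 'attacker',
      unsafe: proxyCredentialsUnsafe(mergePlain({}, userConfig)),      // 'attacker:hunter2'
      hardened: proxyCredentialsHardened(mergeHardened({}, userConfig)), // null
    };
  } finally {
    delete Object.prototype.username;
    delete Object.prototype.password;
  }
}
```

The point of the contrast is that the hardened reader would still be safe even if the merge were left as-is: an own-property check defeats the gadget on the read side, while null-prototype containers defeat it on the construction side. Doing both is cheap and covers the case where a third-party value is handed in without going through the merge at all.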
Proxy-Credential Leaks via Redirects
Two high-severity CVEs (both CVSS 7.5) address the same underlying issue: Axios's Node.js HTTP adapter may leak the Proxy-Authorization header to a redirect target. Proxy-Authorization is a hop-by-hop credential intended only for the proxy; any origin that receives it learns the proxy's credentials, so an attacker who controls a redirect target can harvest them. CVE-2026-44487 covers a scenario in which an initial request is sent through an authenticated proxy and, during a specific proxy-to-direct redirect flow, the Proxy-Authorization header is forwarded to the redirected origin. CVE-2026-44486 describes a similar leak: when Axios follows a redirect after sending a request through an authenticated proxy, the Proxy-Authorization header may be included in the request to the redirect target. Both flaws affect all versions prior to 0.32.0 and 1.16.0.
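One way to structure redirect handling so this class of leak cannot happen, written as an added example rather than taken from Axios: the proxy credential is never carried over from one hop to the next; it is stripped on every redirect along with other proxy-only headers, and re-attached per hop only when that hop actually goes through the proxy. Authorization and Cookie are additionally dropped on cross-origin redirects. The helper names (headersForRedirect, attachProxyAuth, planRedirectHops, demo), the proxy settings and the three-hop chain are constructed for this illustration; the second hop models an origin that NO_PROXY exempts, so it is contacted directly.

```javascript
// Added example (not Axios project code). All names below are hypothetical.

// Proxy-only headers: never meaningful to an origin, stripped on every redirect.
const STRIP_ON_EVERY_REDIRECT = new Set(['proxy-authorization', 'proxy-authenticate']);
// Origin credentials: kept for same-origin redirects, dropped across origins.
const STRIP_ON_CROSS_ORIGIN = new Set(['authorization', 'cookie']);

function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol && ua.hostname === ub.hostname && ua.port === ub.port;
}

// Header set for the request that follows a redirect from fromUrl to toUrl.
function headersForRedirect(headers, fromUrl, toUrl) {
  const crossOrigin = !sameOrigin(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (STRIP_ON_EVERY_REDIRECT.has(key)) continue;
    if (crossOrigin && STRIP_ON_CROSS_ORIGIN.has(key)) continue;
    out[name] = value;
  }
  return out;
}

// Proxy-Authorization is attached per hop, and only when this hop uses the proxy.
function attachProxyAuth(headers, proxy, viaProxy) {
  if (!viaProxy || !proxy || !proxy.username) return { ...headers };
  const token = Buffer.from(`${proxy.username}:${proxy.password}`).toString('base64');
  return { ...headers, 'Proxy-Authorization': `Basic ${token}` };
}

// Walk a chain of hops ({ url, viaProxy }) and return the headers sent on each.
function planRedirectHops(initialHeaders, proxy, hops) {
  const sent = [];
  let headers = initialHeaders;
  let prevUrl = null;
  for (const hop of hops) {
    if (prevUrl) headers = headersForRedirect(headers, prevUrl, hop.url);
    const outgoing = attachProxyAuth(headers, proxy, hop.viaProxy);
    sent.push({ url: hop.url, headers: outgoing });
    headers = outgoing; // carried forward; the next redirect strips proxy headers again
    prevUrl = hop.url;
  }
  return sent;
}

function demo() {
  // Constructed proxy settings and redirect chain.
  const proxy = { host: 'proxy.corp.example', port: 3128, username: 'svc', password: 's3cret' };
  const hops = [
    { url: 'https://api.example/v1/login', viaProxy: true },
    { url: 'https://files.partner.example/report', viaProxy: false }, // exempted by NO_PROXY
    { url: 'https://files.partner.example/report/final', viaProxy: false },
  ];
  const initial = { Authorization: 'Bearer user-token', Accept: 'application/json' };
  return planRedirectHops(initial, proxy, hops);
}
```

With this shape, the proxy-to-direct transition that the advisory describes is handled by construction: the direct hop never sees Proxy-Authorization because nothing carries it, not because a special case removes it.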
Security-Control Bypasses
Three further CVEs involve bypasses of Axios's built-in security mechanisms. CVE-2026-44492 (CVSS 8.6) addresses a failure to normalize IPv4-mapped IPv6 addresses before consulting NO_PROXY. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request whose URL spells the same address in IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the proxy, bypassing the intended exclusion: traffic meant to stay local, such as calls to loopback services or the link-local metadata endpoint, is handed to the proxy instead, and whoever operates or can influence that proxy sees it. CVE-2026-44496 (CVSS 7.5) describes a regular-expression denial-of-service (ReDoS) vector: Axios builds a regex from the configured XSRF cookie name without escaping regex metacharacters, so an attacker who can influence the cookie name can supply a pattern that causes catastrophic backtracking. CVE-2026-44488 (CVSS 7.5) notes that Axios 1.7.0 through 1.15.x did not enforce the configured request and response size limits (maxBodyLength and maxContentLength) when requests were sent with the fetch adapter, allowing unbounded data transfer.
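The NO_PROXY normalization the IPv4-mapped IPv6 bypass calls for, as an added example that is not Axios code. It goes slightly beyond the two spellings quoted above: it handles the dotted-quad form (::ffff:127.0.0.1), the fully written-out form (0:0:0:0:0:ffff:7f00:1), bracketed URL hosts and mixed case, and it collapses all of them to the IPv4 address before comparing against NO_PROXY entries. The naive exact-string comparison is kept alongside to show what the advisory describes. The NO_PROXY semantics (comma-separated; '*' matches everything; a domain entry matches itself and its subdomains; an IP entry matches only that address) and the helper names (parseIPv4, parseIPv6, normalizeHost, shouldBypassProxy, shouldBypassProxyNaive) are assumptions of this example.

```javascript
// Added example (not Axios project code). All names below are hypothetical.

// Strict dotted-quad IPv4 literal: no leading zeros, each octet 0-255.
const IPV4_RE = /^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$/;

function parseIPv4(s) {
  const m = IPV4_RE.exec(s);
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Expand a lower-cased IPv6 literal into eight 16-bit groups, or null if invalid.
// A dotted-quad tail (::ffff:127.0.0.1) is folded into the last two groups first.
function parseIPv6(s) {
  let str = s;
  const lastColon = str.lastIndexOf(':');
  if (lastColon === -1) return null;
  const tail = str.slice(lastColon + 1);
  if (tail.includes('.')) {
    const v4 = parseIPv4(tail);
    if (!v4) return null;
    const [a, b, c, d] = v4;
    str = str.slice(0, lastColon + 1) + ((a << 8) | b).toString(16) + ':' + ((c << 8) | d).toString(16);
  }
  const halves = str.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const rest = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - rest.length;
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = [...head, ...new Array(missing).fill('0'), ...rest];
  const out = [];
  for (const g of groups) {
    if (!/^[0-9a-f]{1,4}$/.test(g)) return null;
    out.push(parseInt(g, 16));
  }
  return out;
}

// Canonical host for comparison: lower-cased, brackets removed, IPv4-mapped
// IPv6 (::ffff:a.b.c.d or ::ffff:hhhh:hhhh) collapsed to the IPv4 it denotes,
// any other IPv6 written out in full, hostnames left as-is.
function normalizeHost(host) {
  let h = host.trim().toLowerCase();
  if (h.startsWith('[') && h.endsWith(']')) h = h.slice(1, -1);
  const v4 = parseIPv4(h);
  if (v4) return v4.join('.');
  const g = parseIPv6(h);
  if (!g) return h;
  const mapped = g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff;
  if (mapped) return [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff].join('.');
  return g.map((x) => x.toString(16)).join(':');
}

// The pattern the advisory describes: exact string comparison, which a
// different spelling of the same address slips past.
function shouldBypassProxyNaive(host, noProxy) {
  return noProxy.split(',').map((e) => e.trim()).includes(host);
}

// Normalizing comparison: both the request host and each entry are canonicalized.
function shouldBypassProxy(host, noProxy) {
  const h = normalizeHost(host);
  return noProxy
    .split(',')
    .map((e) => e.trim())
    .filter(Boolean)
    .some((entry) => {
      if (entry === '*') return true;
      const e = normalizeHost(entry.replace(/^\./, ''));
      const entryIsIp = parseIPv4(e) !== null || parseIPv6(e) !== null;
      return h === e || (!entryIsIp && h.endsWith('.' + e));
    });
}
```

The same normalization belongs in any other allow/deny check keyed on a host literal (SSRF filters, egress policies), since the mapped form is accepted by most IP stacks as an ordinary IPv4 destination.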
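The XSRF cookie-name ReDoS and its fix, as an added example that is not Axios code. The unsafe reader interpolates the cookie name into a regex verbatim, so a "." in the name matches any character (shown here as a wrong-cookie match) and grouped quantifiers in the name make matching exponential on a long cookie header; the safe reader escapes the name so it contributes only literals. A token-charset check is included as defence in depth, with the caveat that the token alphabet still contains several regex metacharacters, so it does not replace escaping. Function names (escapeRegExp, readCookieUnsafe, readCookieSafe, isValidCookieName) and the cookie strings are constructed for this example.

```javascript
// Added example (not Axios project code). All names below are hypothetical.

// Escape every regex metacharacter so the name is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// The pattern the advisory describes: the cookie name is interpolated
// verbatim. A name such as "(a+)+$" turns this into a nested-quantifier
// pattern that backtracks exponentially on a long run of "a" characters;
// it is deliberately not executed here.
function readCookieUnsafe(cookieHeader, name) {
  const re = new RegExp('(^|;\\s*)(' + name + ')=([^;]*)');
  const m = cookieHeader.match(re);
  return m ? decodeURIComponent(m[3]) : null;
}

// Escaped: the name is a literal, matching is linear in the header length,
// and "." in the name no longer matches arbitrary characters.
function readCookieSafe(cookieHeader, name) {
  const re = new RegExp('(^|;\\s*)(' + escapeRegExp(name) + ')=([^;]*)');
  const m = cookieHeader.match(re);
  return m ? decodeURIComponent(m[3]) : null;
}

// Defence in depth: a cookie name must be an RFC 6265 token. The token
// alphabet still allows '.', '*', '+', '^', '$' and '|', so this check only
// rejects grouping characters outright; escaping is still required.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
function isValidCookieName(name) {
  return TOKEN_RE.test(name);
}
```

If the cookie name is configurable by anything less trusted than the application's own code, validate it with the token check at configuration time and escape it at use time; doing only one of the two leaves either a correctness bug (the "." case) or a crash-on-input bug.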
Patch Status and Mitigation
All nine CVEs are fixed in Axios 0.32.0 (for the 0.x line) and Axios 1.16.0 (for the 1.x line). Users running any version prior to these releases should upgrade as soon as possible. There are no known workarounds for most of the issues. The proxy-credential leaks can be partially mitigated by not using authenticated proxies with Axios, or by disabling redirect following (maxRedirects: 0) for requests that go through one, but the safest course is to update. The Axios maintainers have published the fixes on the project's GitHub releases page.
Bottom Line
This coordinated disclosure is one of the largest security batches for Axios in recent years, covering a broad attack surface from prototype pollution to credential exposure. The prototype-pollution chain (CVE-2026-44494) is particularly concerning because it turns a garden-variety pollution gadget into a full MITM capability. For teams using Axios in Node.js microservices or browser-based applications, upgrading to 1.16.0 (or 0.32.0 for legacy 0.x users) closes all nine reported vectors in a single release.