
Axios, Two Different Security Stories, and Why the New CVE Matters

If your team has been following the recent Axios news, it is easy to mix two separate incidents into one big blur. That would be a mistake.

Axios was first caught up in a supply-chain compromise in late March 2026, where two malicious npm releases — axios@1.14.1 and axios@0.30.4 — were published with a dependency that downloaded a remote access trojan. Microsoft says those releases were malicious and recommends immediate credential rotation for anyone who installed them.

Now there is a second issue: CVE-2026-40175, a newly published vulnerability affecting Axios versions earlier than 1.15.0. The GitHub-reviewed advisory lists the affected range as < 1.15.0, the patched version as 1.15.0, and describes the impact as a chain that can escalate prototype pollution elsewhere in the stack into remote code execution or cloud compromise.

These are not the same problem. One was a malicious package publication event. The other is a vulnerability in Axios behavior itself.

What CVE-2026-40175 actually is

The easiest way to understand this CVE is to stop thinking of it as "Axios magically became RCE." That is not what the advisory says.

Instead, Axios is described as a gadget in a larger exploit chain. The advisory says that if an attacker can first achieve prototype pollution through some other library in your application, Axios may pick up polluted values during config merging. Because Axios did not properly sanitize header values for CRLF characters, those polluted values could become a request smuggling payload.

That matters because request smuggling and header injection can turn an apparently harmless internal HTTP request into something much more dangerous. In the advisory's example, a hardcoded request like axios.get('https://analytics.internal/pings') can be transformed into a second, attacker-controlled request sent to the AWS metadata service.

So the vulnerability is not just about "bad headers." It is about how a bug elsewhere can be amplified into a much more severe outcome once Axios is involved.
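The config-merge path described above, as an added illustration that is not Axios's own code: a naive header merge that inherits values from a polluted Object.prototype beside a hardened one, plus the CR/LF check that closes the header-splitting path. All function names are assumptions, and the prototype pollution is constructed inside the demo itself.

```javascript
// Added example, not Axios code: a simplified model of why a polluted
// Object.prototype can leak into a merged request config, plus two defensive
// controls: copy own properties only, and reject CR/LF in header names/values.

// Naive merge: for...in also walks inherited (polluted) properties.
function naiveMergeHeaders(defaults, perRequest) {
  const out = {};
  for (const k in defaults) out[k] = defaults[k];
  for (const k in perRequest) out[k] = perRequest[k];
  return out;
}

// Hardened merge: own properties only, into a prototype-less object.
function safeMergeHeaders(defaults, perRequest) {
  const out = Object.create(null);
  for (const src of [defaults, perRequest]) {
    for (const k of Object.keys(src)) out[k] = src[k];
  }
  return out;
}

// Reject any header whose name or value contains CR or LF; a value that can
// end a header line is what turns one request into two.
function assertNoCrlf(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (/[\r\n]/.test(name) || /[\r\n]/.test(String(value))) {
      throw new Error(`CR/LF in header "${name}"`);
    }
  }
  return headers;
}
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Constructed demonstration: pollute Object.prototype the way a bug in an
// unrelated library might, then compare what each merge passes through.
function demo() {
  Object.prototype.polluted = "x\r\nX-Constructed: 1"; // constructed pollution
  try {
    const naive = naiveMergeHeaders({ Accept: "application/json" }, {});
    const safe = safeMergeHeaders({ Accept: "application/json" }, {});
    let naiveRejected = false;
    try { assertNoCrlf(naive); } catch { naiveRejected = true; }
    assertNoCrlf(safe); // passes: the polluted key was never copied
    return { naiveHasPolluted: hasOwn(naive, "polluted"), naiveRejected,
             safeHasPolluted: hasOwn(safe, "polluted") };
  } finally {
    delete Object.prototype.polluted; // remove the constructed pollution
  }
}
```

The same two controls (own-property copies into null-prototype objects, and a CR/LF check at the serialization boundary) are worth applying anywhere an application builds outbound HTTP headers from merged config.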

Why people are calling it critical

The GitHub-reviewed advisory marks the issue as Critical, with a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. It also states the impact can include RCE or full cloud compromise when the right conditions exist.

The most alarming part of the write-up is the AWS angle. The advisory shows how the smuggled request could target AWS IMDSv2, including the required X-aws-ec2-metadata-token-ttl-seconds header. That is important because IMDSv2 was designed to be harder to abuse through normal SSRF. If an attacker can smuggle a crafted PUT request to the metadata service and obtain a token, they may be able to retrieve IAM credentials and pivot deeper into the environment.

That is why this issue gets so much attention from cloud security teams. It is not just a library bug in isolation. It can become an access path into cloud identity and infrastructure.

Are all Axios versions affected?

According to the current advisory, yes: all Axios versions before 1.15.0 are in scope. The GitHub advisory lists the affected range as < 1.15.0 and explicitly says the issue affects all versions from v0.x through v1.x. The patch landed in Axios 1.15.0, released on April 7, 2026.

That does not mean every application using an older Axios version is immediately exploitable. The exploit still depends on another condition — especially some way to achieve prototype pollution elsewhere in the application or dependency tree. But from a risk-management point of view, anything below 1.15.0 should be considered exposed and scheduled for upgrade.

Why this is different from the March supply-chain compromise

It is worth repeating this distinction because security teams may need different response paths.

The March 31, 2026 supply-chain incident was about two malicious npm releases: 1.14.1 and 0.30.4. Microsoft says those versions contained a dependency, plain-crypto-js@4.2.1, that executed during installation and downloaded a second-stage RAT. That means the danger appeared at install or update time, especially on developer workstations and CI/CD systems.

By contrast, CVE-2026-40175 is a vulnerability in Axios request handling that affects versions below 1.15.0. It is not about malicious publishing. It is about unsafe behavior that can be chained with prototype pollution and SSRF-like conditions.

In plain English:

  • The supply-chain attack asks: "Did you ever install a poisoned package?"
  • The CVE asks: "Are you still running a vulnerable package that can be abused as part of an exploit chain?"

Both matter. They just require different kinds of investigation.

Who should worry most

The highest-risk cases are server-side JavaScript applications that use Axios and also have access to internal services, cloud metadata endpoints, or privileged APIs. This is especially true in environments where untrusted input can influence parsing, object merging, or dependency behavior somewhere else in the stack.

Cloud-hosted Node.js services deserve special attention because the advisory's most serious scenario involves metadata access and credential theft. Teams running in AWS should take the IMDSv2 bypass discussion seriously, even if they have historically treated metadata abuse as mostly an SSRF problem.

What teams should do now

First, upgrade Axios to 1.15.0 or later. The official Axios releases page shows v1.15.0 as the latest release and says it includes two critical security patches.

Second, check whether your environment ever installed the malicious March releases 1.14.1 or 0.30.4. If yes, do not treat that as just a version bump. Microsoft recommends rotating secrets and credentials immediately and investigating developer endpoints and CI/CD systems for signs of compromise.

Third, look for prototype-pollution exposure in your stack. The advisory explicitly names that as the trigger condition that Axios can amplify. If your application uses older parsing or object-merging libraries, this is the moment to review them.

Fourth, review network reachability from application hosts. A library bug becomes far more dangerous when the process can freely reach internal admin panels, service discovery endpoints, or cloud metadata services.
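As an added example that is not from the advisory or the Axios project, the following Node script covers the first two steps at once by auditing a package-lock.json for both the malicious March releases and any remaining axios below 1.15.0. It assumes npm's lockfileVersion 2/3 "packages" layout, and the sample lockfile it runs on is constructed.

```javascript
// Added example, not the Axios project's tooling: audit a package-lock.json
// (lockfileVersion 2/3 "packages" map) for both stories on this page:
// (1) the malicious March releases axios@1.14.1 / axios@0.30.4 and their
//     install-time dependency plain-crypto-js@4.2.1 (rotate, investigate);
// (2) any remaining axios < 1.15.0 (upgrade for CVE-2026-40175).
const MALICIOUS = new Set(["axios@1.14.1", "axios@0.30.4", "plain-crypto-js@4.2.1"]);
const PATCHED = [1, 15, 0];

// True if dotted version `a` is below [major, minor, patch] `b`;
// pre-release suffixes are ignored for this check.
function versionLess(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== b[i]) return (pa[i] || 0) < b[i];
  }
  return false;
}

// Keys look like "node_modules/axios" or "node_modules/x/node_modules/axios",
// so nested copies that a top-level version check would miss are audited too.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.version) continue; // skip the root entry
    const name = path.slice(path.lastIndexOf("node_modules/") + 13);
    const id = `${name}@${meta.version}`;
    if (MALICIOUS.has(id)) {
      findings.push({ path, id, severity: "compromised",
                      action: "rotate credentials; investigate host and CI" });
    } else if (name === "axios" && versionLess(meta.version, PATCHED)) {
      findings.push({ path, id, severity: "vulnerable", action: "upgrade to >=1.15.0" });
    }
  }
  return findings;
}

// Constructed sample lockfile: a patched top-level axios, a nested malicious
// copy, a nested merely-outdated copy, and the install-time dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.15.0" },
    "node_modules/legacy-sdk": { version: "2.3.0" },
    "node_modules/legacy-sdk/node_modules/axios": { version: "0.30.4" },
    "node_modules/old-client/node_modules/axios": { version: "1.14.0" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};
```

A "compromised" finding means the poisoned package was resolved into the tree at some point and should trigger the credential-rotation and host-investigation path, not just an upgrade; a "vulnerable" finding is the CVE upgrade path.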

The bigger lesson

This Axios episode is a good reminder that "dependency security" is not one thing.

Sometimes the problem is a malicious package publication. Sometimes it is a vulnerability hiding in normal code. Sometimes the real damage happens when one weak link combines with another and turns a low-level bug into something catastrophic.

That is exactly why chained vulnerabilities are so hard for teams to reason about. A developer may look at a hardcoded Axios call and think it is safe. The advisory's point is that the danger may not be in that call alone. It may come from polluted state that entered the process earlier, through an entirely different package.

That is also why patching matters even when a CVE sounds "theoretical." Attackers do not need every bug to be independently devastating. They just need one bug to make another bug useful.

Final takeaway

The Axios situation in April 2026 is really two stories:

  1. A supply-chain compromise involving the malicious npm releases 1.14.1 and 0.30.4.
  2. A critical vulnerability, CVE-2026-40175, affecting all Axios versions below 1.15.0, where Axios can act as a gadget in a prototype-pollution-to-request-smuggling chain, including an AWS IMDSv2 bypass scenario.

If your team uses Axios, the response is straightforward: upgrade to 1.15.0+, check whether the malicious March versions were ever installed, and review your dependency tree for prototype-pollution exposure.

Reference: CVE-2026-40175 on NVD