VDB
GHSA-fvcv-3m26-pcqx
PUBLISHED
CVSS 4.8 MEDIUM
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Risk Scores
CVSS 3.1
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | axios | 0, 1.0.0, 1.0.0 |
Exploit Intelligence
- CVE-2026-40175 (github-poc-repo)
- Scan local repos for vulnerable axios versions (CVE-2026-40175) and patch interactively (github-poc-repo)
- Axios CRLF Injection (CVE-2026-40175) vulnerability response guide and fetch-based migration analysis (github-poc-repo)
- pjt3591oo/CVE-2026-40175-poc (github-poc-repo)
- pjt3591oo/CVE-2026-40175-poc (github-poc)
…and 28 more exploits
Timeline
- Apr 10, 2026 CVE Published
- Apr 11, 2026 Security Advisory
- Apr 16, 2026 CVE Updated
References
- https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx url
- https://nvd.nist.gov/vuln/detail/CVE-2026-40175 advisory
- https://github.com/axios/axios/pull/10660 url
- https://github.com/axios/axios/pull/10660#issuecomment-4224168081 url
- https://github.com/axios/axios/pull/10688 url
- https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c url
- https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1 url
- https://github.com/axios/axios package
- https://github.com/axios/axios/releases/tag/v0.31.0 url
- https://github.com/axios/axios/releases/tag/v1.15.0 url