CVE-2026-40175 β Axios is a promise based HTTP client for the browser and Node.js. Prior toβ¦
π¨ CVE-2026-40175 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compro
fix: unrestricted cloud metadata exfiltration via header injection ch⦠· axios/axios@3631854
github.com
What This Means For You
- Affects Apple ecosystem β update macOS/iOS devices.
- New vulnerability disclosed β verify if your stack is exposed.
- Supply chain risk β audit dependencies and third-party integrations.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-40175 | Vulnerability | CVE-2026-40175 |
π
Get the full picture on this threat
Use /org to search affected organizations, generate IOC briefs with /brief, and set watchlist alerts β inside Telegram.
Try Intel Bot β
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158855 |
| Published | April 10, 2026 at 23:27 UTC |
| Original Link | https://github.com/axios/axios/commit/363185461b90b1b7884... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.