What is Axios?
Axios is a JavaScript library intended to ease interaction with HTTP services. Some organizations use it to simplify their codebase compared to using standard browser functionality.
What is the vulnerability?
Prior to version 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass).
Ref: https://nvd.nist.gov/vuln/detail/CVE-2026-40175
Has the vulnerability been fixed?
This vulnerability has been fixed in 1.15.0.
You can read more about how WithSecure has responded to this, and what steps you should take if you are using Axios, over in our dedicated article. Please note that any future updates we make related to this Axios vulnerability will be made on that article.
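To check a project against the fixed version stated above, the following added example (not code from this page or from the Axios project) walks a parsed npm `package-lock.json` and classifies every installed copy of axios, direct or transitive, against 1.15.0. It assumes an npm lockfile; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the advisory): classify installed axios copies against 1.15.0.
const FIXED = [1, 15, 0]; // fixed version stated on this page

// Returns "vulnerable", "fixed", or "unknown" (non-semver refs such as git URLs).
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version));
  if (!m) return "unknown";
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i] ? "vulnerable" : "fixed";
  }
  return m[4] ? "vulnerable" : "fixed"; // a 1.15.0 prerelease is treated as not fixed
}

// Walks a parsed package-lock.json and reports every axios copy, direct or transitive.
function findAxios(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, status: classify(version) });
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, pkg] of Object.entries(lock.packages)) {
      const name = pkg.name || path.split("node_modules/").pop();
      if (name === "axios") record(path, pkg.version);
    }
    return hits;
  }
  const walk = (deps, prefix) => { // lockfileVersion 1: nested "dependencies" tree
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios") record(path, dep.version);
      walk(dep.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; package names and versions are illustrative only.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.15.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.2" },
    "node_modules/legacy-client/node_modules/axios": { version: "0.27.2" },
    "node_modules/@scope/axios": { version: "0.1.0" },
  },
};

console.log(findAxios(SAMPLE_LOCK));
```

To run it on a real project, pass the result of `JSON.parse` on that project's `package-lock.json` to `findAxios`; entries reported as "unknown" need manual review.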