Axios CRLF Header Injection Chains with Prototype Pollution to Enable AWS Credential Theft via IMDSv2 Bypass — CVSS 9.9
A critical CRLF injection flaw in the Axios HTTP client library, tracked as CVE-2026-40175, allows attackers to inject arbitrary headers into outbound HTTP requests when combined with prototype pollution vulnerabilities present in other JavaScript dependencies. Security researchers at Heimdall Security flagged the issue with a CVSS score of 9.9, placing it firmly in critical territory. The vulnerability specifically stems from Axios's failure to sanitize carriage return and line feed (CRLF) characters in header values, a weakness that alone may appear limited but becomes dangerous in modern JavaScript environments where third-party libraries share the same runtime memory space.
The attack chain unfolds when an attacker first exploits a prototype pollution flaw in a co-installed library, such as lodash or similar utility packages, to modify JavaScript object prototypes. Once prototype pollution is established, the attacker can craft requests that inject additional HTTP headers via the unfiltered Axios header mechanism. This enables HTTP Request Smuggling attacks, where malformed requests bypass frontend proxies and reach backend servers with manipulated headers. More critically, researchers warn that the technique could circumvent AWS Instance Metadata Service version 2 (IMDSv2) protections, potentially exposing EC2 instance credentials, access keys, and IAM role tokens to unauthorized actors.
The recommended remediation is an immediate upgrade to Axios version 1.15.0, which includes sanitization controls for CRLF sequences. Organizations using Axios in server-side Node.js applications, particularly those running in AWS environments or behind reverse proxies, face the highest exposure. Security teams should audit dependency trees for known prototype pollution vulnerabilities, enforce strict Content-Type and Content-Length header controls at the proxy layer, and disable IMDS access where possible. The CVSS 9.9 rating signals that exploitation, if achieved, could result in total compromise of confidentiality, integrity, and availability.
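As an added example (not code from the advisory, from Heimdall Security, or from Axios itself), here is a Node.js header normalizer that applies the two controls the text points at: copy only an object's own properties so a polluted prototype cannot contribute headers, and reject CR or LF in any header name or value before the request leaves the process. The header names and the polluted object are constructed for the demonstration.

```javascript
// Added example (not code from the advisory or from Axios): a defensive
// header normalizer placed in front of whatever HTTP client sends the
// request. It copies only own properties, so values that arrive through a
// polluted prototype are dropped, and rejects CR/LF in names and values.

const CRLF_RE = /[\r\n]/;
const TOKEN_RE = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/; // RFC 9110 token chars

class HeaderInjectionError extends Error {}

function sanitizeHeaders(headers) {
  const clean = {};
  // Object.keys returns own enumerable keys only; anything a prototype
  // pollution bug planted on the prototype chain is never copied.
  for (const name of Object.keys(headers)) {
    const value = headers[name];
    if (!TOKEN_RE.test(name)) {
      throw new HeaderInjectionError(`bad header name ${JSON.stringify(name)}`);
    }
    if (typeof value !== 'string' || CRLF_RE.test(value)) {
      throw new HeaderInjectionError(`bad value for header ${name}`);
    }
    clean[name] = value;
  }
  return clean;
}

// Names a naive `for...in` loop would send but which are not own
// properties: a non-empty result is a detection signal for pollution.
function inheritedHeaderNames(headers) {
  const found = [];
  for (const name in headers) {
    if (!Object.prototype.hasOwnProperty.call(headers, name)) found.push(name);
  }
  return found;
}

// True if sanitizeHeaders refuses the object for an injection reason.
function isRejected(headers) {
  try { sanitizeHeaders(headers); return false; }
  catch (e) { if (e instanceof HeaderInjectionError) return true; throw e; }
}

// Constructed inputs. The "polluted" object stands in for a request whose
// prototype chain was modified; a custom prototype is used instead of
// touching Object.prototype so the demonstration stays self-contained.
const polluted = Object.create({ 'X-Injected': 'from-prototype' });
polluted.Accept = 'application/json';
const crlfValue = { 'X-Trace': 'id-1\r\nX-Other: 1' };
```

Logging the output of `inheritedHeaderNames` on every outbound request gives a cheap runtime indicator that some dependency has written into the prototype chain, independent of which library introduced the flaw.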