Critical Vulnerability in Axios Library Requires Immediate Update
Summary
CSA Singapore has issued an alert regarding a critical security vulnerability (CVE-2026-40175) in the Axios JavaScript library. The vulnerability carries a CVSS v3.1 score of 10 out of 10 and affects all versions below 1.13.2. Successful exploitation could allow unauthenticated remote attackers to perform server-side request forgery attacks, potentially leading to remote code execution and full cloud compromise. Users and administrators are advised to update to the latest version immediately.
What changed
CSA Singapore has released Alert AL-2026-037 disclosing a critical server-side request forgery (SSRF) vulnerability in the Axios JavaScript library. The vulnerability, tracked as CVE-2026-40175, has been assigned the maximum CVSS v3.1 score of 10.0, indicating critical severity. All versions of Axios (npm) below version 1.13.2 are affected.
Organizations using Axios in their websites or web applications should update to the latest version immediately to prevent potential SSRF attacks, remote code execution, and full cloud environment compromise. The vulnerability can be exploited by unauthenticated remote attackers, making immediate patching a priority for affected systems.
What to do next
- Update Axios library to the latest version immediately
Archived snapshot
Apr 16, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Alerts
Critical Vulnerability in Axios
16 April 2026
Axios has released a software patch to address a critical security vulnerability in the Axios library. Users and administrators of affected product versions are advised to update to the latest version immediately.
Background
Axios has released a software patch to address a critical security vulnerability (CVE-2026-40175) in the Axios library. Axios is a widely-used JavaScript library that helps websites and web applications communicate with servers and online services. The vulnerability has been assigned a Common Vulnerability Scoring System (CVSS v3.1) score of 10 out of 10.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform server-side request forgery (SSRF) attacks, potentially leading to remote code execution and full cloud compromise.
Affected Products
This vulnerability affects all versions of Axios (npm) below 1.13.2.
Recommendations
Users and administrators of affected product versions are advised to update to the latest version immediately.
References
https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
https://github.com/axios/axios/releases/tag/v1.15.0
Related changes
Get daily alerts for CSA Alerts & Advisories (Singapore)
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CSA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CSA Alerts & Advisories (Singapore) publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.