CVE-2026-40175: Axios Gets Hit Twice — North Korean Backdoor Then a 9.9 CVSS Flaw That Hands Attackers Your AWS Keys

In less than three weeks, the Axios JavaScript library — installed over 800 million times per month on npm and embedded in thousands of Node.js applications across the banking and fintech sector — has been hit by two independent, serious security events. First came a confirmed supply chain compromise attributed to a North Korean state actor. Then, before most teams had finished their incident response, a second critical vulnerability landed with a CVSS score of 9.9 and a proof-of-concept exploit already published. For Saudi financial institutions running modern API-driven architectures on AWS, this is not background noise — it is an active threat that demands immediate action.

Event One: Sapphire Sleet Poisons the npm Registry

On March 31, 2026, attackers compromised the publishing credentials of an Axios npm maintainer and released two poisoned package versions — 1.14.1 and 0.30.4. These versions included a concealed malicious dependency that, once installed, executed two actions silently: it exfiltrated sensitive system credentials to an attacker-controlled endpoint, and it installed a Remote Access Trojan (RAT) granting persistent shell access to the host.

Microsoft Threat Intelligence formally attributed the infrastructure behind this campaign to Sapphire Sleet, a North Korean state-sponsored group historically focused on financial theft and cryptocurrency laundering. The poisoned versions were live on the npm registry for several hours before detection — long enough to be pulled into automated CI/CD pipelines across hundreds of organizations. Any Node.js build that ran npm install during that window and resolved to the compromised versions is considered at risk. Saudi banks running open banking API gateways or payment processing microservices built on Node.js should assume they are in scope for this audit.

Event Two: CVE-2026-40175 — A 9.9 CVSS Chain No One Saw Coming

Within two weeks of the supply chain incident, independent security researchers disclosed CVE-2026-40175, a critical vulnerability rated CVSS 9.9 affecting all Axios releases from v0.x through v1.x prior to version 1.15.0. The flaw, rooted in lib/adapters/http.js, stems from a complete absence of HTTP header value sanitization (CWE-113). On its own, this is a moderate issue. What elevates it to near-perfect CVSS severity is its devastating compatibility with prototype pollution — one of the most common vulnerability classes in the npm ecosystem.

The attack chain works like this: any library already present in the application stack that is vulnerable to prototype pollution — qs, minimist, ini, or body-parser are common examples — can be used to inject arbitrary properties onto Object.prototype. When Axios subsequently processes an outbound request, its internal config merge inherits these polluted properties directly into the request headers. Because Axios performs no CRLF validation on these header values, an attacker can smuggle a second HTTP request inside the first, with full control over its headers and body. A public proof-of-concept exploit was released within 48 hours of disclosure.

The AWS IMDSv2 Bypass: From Prototype Pollution to Cloud Account Takeover

The most alarming consequence of CVE-2026-40175 — and the reason its CVSS score sits at 9.9 rather than 7 or 8 — is its ability to bypass AWS IMDSv2, Amazon's hardened Instance Metadata Service that was specifically designed to block SSRF-based credential theft. IMDSv2 normally requires a preflight PUT request with a custom X-aws-ec2-metadata-token-ttl-seconds header to obtain a session token before any metadata can be retrieved — a step that standard SSRF exploits cannot perform because browsers and most HTTP clients strip custom headers on cross-origin requests.

The Axios header injection chain circumvents this entirely. The smuggled second request is a well-formed PUT to http://169.254.169.254/latest/api/token, complete with the required IMDSv2 header, which Axios injects from the polluted prototype. The metadata service returns a valid session token. The attacker then uses that token to retrieve the EC2 instance's IAM role credentials — including AccessKeyId, SecretAccessKey, and SessionToken — and from there can enumerate S3 buckets, execute Lambda functions, query RDS databases, and pivot laterally across the entire AWS account. On AWS infrastructure supporting Saudi banking workloads, this translates directly to potential exposure of customer data, transaction records, and core banking API secrets.

Why Saudi Financial Institutions Are at Heightened Risk

The Saudi Open Banking Framework mandated by SAMA has driven widespread adoption of Node.js-based API infrastructure across retail banks, fintech companies, and payment service providers. Many of these architectures rely on Axios as the default HTTP client for service-to-service calls, third-party API integrations, and webhook delivery. Simultaneously, the vast majority of Saudi cloud deployments run on AWS — particularly through the AWS Middle East (Bahrain) region — making IMDSv2 bypass a highly realistic threat path.

From a regulatory standpoint, a successful exploitation of this chain would trigger obligations under multiple frameworks. SAMA CSCC v2.1 Domain 4 (Cybersecurity Operations) requires continuous vulnerability management and documented patch timelines — an unpatched Axios dependency weeks after public disclosure would constitute a direct control deficiency. NCA ECC-1:2018 controls under 3-3 (Software Security) explicitly require organizations to maintain an approved software component inventory and apply patches within defined SLAs. PDPL Article 23 requires notification to SDAIA within 72 hours of a breach affecting personal data — a cloud credential compromise that exposes customer records would meet this threshold.

Recommended Actions: What to Do Before Threat Actors Chain Both Vulnerabilities

1. Upgrade Axios immediately to version 1.15.0 or later. This is the only fully remediated release. Run npm audit across all repositories and enforce the upgrade via your package manager's lock file. Do not rely on npm audit fix --force alone — validate that the resolved version is indeed 1.15.0+.
2. Audit CI/CD pipeline logs for the March 31 compromise window. Identify any build that installed Axios v1.14.1 or v0.30.4 between March 31 and April 2, 2026. Treat those build artifacts and any deployed containers as potentially compromised; rotate all secrets accessible from those environments.
3. Enforce IMDSv2 at the instance and account policy level. In AWS, set HttpTokens=required on all EC2 instances via IMDSv2 enforcement and use AWS Config rule ec2-imdsv2-check to detect non-compliant instances. This limits, but does not eliminate, the blast radius of SSRF-class vulnerabilities.
4. Apply least-privilege IAM roles to all Node.js workloads. EC2 instances and ECS tasks running Node.js API services should have IAM roles scoped to the minimum permissions required. Audit any roles with s3:*, iam:*, or wildcard permissions and restrict them immediately.
5. Run a prototype pollution audit across your npm dependency graph. Tools such as @snyk/prototype-pollution-detector or Semgrep rules for JavaScript can identify prototype pollution vectors in transitive dependencies. Prioritize packages like qs, lodash, minimist, and ini, which are commonly exploitable.
6. Enable AWS CloudTrail and GuardDuty alerts for IMDSv2 token requests. Unusual spikes in metadata service requests — particularly from application-tier instances — should be treated as indicators of exploitation and investigated immediately.

Conclusion

The Axios incidents of March and April 2026 illustrate a threat pattern that is becoming increasingly common: a well-known, widely trusted open source library becomes a high-value target, first for supply chain infiltration and then for a separately discovered critical vulnerability that compounds the damage. Saudi financial institutions operating under SAMA and NCA oversight cannot afford to treat npm dependency management as a developer concern disconnected from security governance. The path from a polluted JavaScript object to stolen AWS IAM credentials to a reportable PDPL breach is now a documented, exploitable chain — not a theoretical scenario.

Is your organization prepared? Contact Fyntralink for a complimentary SAMA Cyber Maturity Assessment covering your cloud security posture, software supply chain controls, and NCA ECC compliance readiness.