github →

New request

#21071: Security: Dependency upgrade request for axios to resolve high-severity proxy bypass vulnerabilities (CVE-2026-44492, CVE-2026-44494, CVE-2026-44495)

We'll provision a sandbox, run an agent against the issue, and open a draft PR. You can pull the branch and iterate from there.

Issue
sonarly:high

Description

Hello Twenty Team!

First of all, thank you for building and maintaining such an amazing open-source CRM. We love your work and attention to system stability.

We are writing to flag a set of three high-severity vulnerabilities published on May 29, 2026 affecting the axios library, which is used as a direct dependency in packages/twenty-server (currently pinned to ^1.13.5) and across other packages in the Twenty monorepo.

Axios has been under active security scrutiny throughout 2026 — including a major supply chain attack in March 2026 and multiple prototype pollution CVEs in April and May. These three new advisories are the latest in that series and all affect the version range currently used by Twenty.


Affected Vulnerabilities

CVE-2026-44492 — NO_PROXY IPv4-mapped IPv6 Bypass (SSRF) · High · CVSS 8.6

Advisory: https://github.com/advisories/GHSA-pjwm-pj3p-43mv

shouldBypassProxy (introduced in v1.15.0 to fix CVE-2025-62718) does not normalise IPv4-mapped IPv6 addresses. If a self-hosted Twenty instance configures NO_PROXY blocks (e.g. 127.0.0.1 or cloud metadata IPs like 169.254.169.254), a specially crafted ::ffff:7f00:1-style URL still routes through the configured proxy, bypassing the protection and enabling Server-Side Request Forgery (SSRF).

  • Affected versions: >= 1.0.0, < 1.16.0
  • Patched in: 1.16.0

CVE-2026-44494 — Full MITM via Prototype Pollution Gadget in config.proxy · High · CVSS 8.7

Advisory: https://github.com/advisories/GHSA-35jp-ww65-95wh

The HTTP adapter reads config.proxy via standard property access, traversing the prototype chain. Because proxy is absent from Axios defaults, it is trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through an attacker-controlled proxy, enabling a full Man-in-the-Middle attack capable of intercepting and modifying all traffic including authentication credentials.

  • Affected versions: >= 1.0.0, < 1.16.0
  • Patched in: 1.16.0

CVE-2026-44495 — Credential Theft & Response Hijacking via Prototype Pollution in Config Merge · High · CVSS 7.0

Advisory: https://github.com/advisories/GHSA-3g43-6gmg-66jw

Axios versions before 1.15.2 contain prototype-pollution gadgets in request config processing. If Object.prototype.transformResponse is polluted with a function by another dependency in the same process, Axios executes it — allowing an attacker to observe and tamper with response data including URLs, headers, and auth credentials.

  • Affected versions: >= 1.0.0, < 1.15.2
  • Patched in: 1.15.2

Confirmed Impact on Twenty

Checking the current main branch:

  • packages/twenty-server/package.json pins "axios": "^1.13.5" — vulnerable to all three CVEs above.
  • axios is also used directly in packages/twenty-companion and packages/twenty-sdk, which should be audited as well.

All three CVEs affect versions < 1.15.2 or < 1.16.0, meaning the current pinned range resolves to a fully vulnerable version.

Because self-hosted deployments of Twenty frequently run in corporate intranets, Tailscale networks, or cloud environments with metadata services (AWS IMDSv1, GCP metadata), securing the outbound trust boundary is critical to preventing SSRF and credential leakage.


Suggested Resolution

We kindly request updating the axios dependency across the monorepo to ^1.16.1 (the current latest non-vulnerable version per Snyk and npm as of May 2026):

npm install axios@^1.16.1

This single upgrade resolves all three advisories immediately:

  • 1.16.0 introduced fixes for CVE-2026-44492 and CVE-2026-44494.
  • 1.15.2 resolved CVE-2026-44495 (included in 1.16.x).

No breaking API changes are expected between 1.13.x and 1.16.x as axios follows semantic versioning.


Thank you so much for your time, dedication, and prompt attention to keeping Twenty secure!

Best regards, Dipesh

Assessmentadvisory
bug easy90% confidence

Security dependency bump to fix known axios proxy bypass CVEs; typically limited to package manifests and lockfile updates.

Likely files
  • packages/twenty-server/package.json
  • packages/twenty-front/package.json
  • yarn.lock
  • package.json
Create the request

This opens a fresh agent run and a draft PR for issue #21071.

Cancel