New request
#21071: Security: Dependency upgrade request for axios to resolve high-severity proxy bypass vulnerabilities (CVE-2026-44492, CVE-2026-44494, CVE-2026-44495)
We'll provision a sandbox, run an agent against the issue, and open a draft PR. You can pull the branch and iterate from there.
Description
Hello Twenty Team!
First of all, thank you for building and maintaining such an amazing open-source CRM. We love your work and attention to system stability.
We are writing to flag a set of three high-severity vulnerabilities published on May 29, 2026 affecting the axios library, which is used as a direct dependency in packages/twenty-server (currently pinned to ^1.13.5) and across other packages in the Twenty monorepo.
Axios has been under active security scrutiny throughout 2026 — including a major supply chain attack in March 2026 and multiple prototype pollution CVEs in April and May. These three new advisories are the latest in that series and all affect the version range currently used by Twenty.
Affected Vulnerabilities
CVE-2026-44492 — NO_PROXY IPv4-mapped IPv6 Bypass (SSRF) · High · CVSS 8.6
Advisory: https://github.com/advisories/GHSA-pjwm-pj3p-43mv
shouldBypassProxy (introduced in v1.15.0 to fix CVE-2025-62718) does not normalise IPv4-mapped IPv6 addresses. If a self-hosted Twenty instance configures NO_PROXY blocks (e.g. 127.0.0.1 or cloud metadata IPs like 169.254.169.254), a specially crafted ::ffff:7f00:1-style URL still routes through the configured proxy, bypassing the protection and enabling Server-Side Request Forgery (SSRF).
- Affected versions: >= 1.0.0, < 1.16.0
- Patched in: 1.16.0
CVE-2026-44494 — Full MITM via Prototype Pollution Gadget in config.proxy · High · CVSS 8.7
Advisory: https://github.com/advisories/GHSA-35jp-ww65-95wh
The HTTP adapter reads config.proxy via standard property access, traversing the prototype chain. Because proxy is absent from Axios defaults, it is trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through an attacker-controlled proxy, enabling a full Man-in-the-Middle attack capable of intercepting and modifying all traffic including authentication credentials.
- Affected versions: >= 1.0.0, < 1.16.0
- Patched in: 1.16.0
CVE-2026-44495 — Credential Theft & Response Hijacking via Prototype Pollution in Config Merge · High · CVSS 7.0
Advisory: https://github.com/advisories/GHSA-3g43-6gmg-66jw
Axios versions before 1.15.2 contain prototype-pollution gadgets in request config processing. If Object.prototype.transformResponse is polluted with a function by another dependency in the same process, Axios executes it — allowing an attacker to observe and tamper with response data including URLs, headers, and auth credentials.
- Affected versions: >= 1.0.0, < 1.15.2
- Patched in: 1.15.2
Confirmed Impact on Twenty
Checking the current main branch:
packages/twenty-server/package.jsonpins"axios": "^1.13.5"— vulnerable to all three CVEs above.axiosis also used directly inpackages/twenty-companionandpackages/twenty-sdk, which should be audited as well.
All three CVEs affect versions < 1.15.2 or < 1.16.0, meaning the current pinned range resolves to a fully vulnerable version.
Because self-hosted deployments of Twenty frequently run in corporate intranets, Tailscale networks, or cloud environments with metadata services (AWS IMDSv1, GCP metadata), securing the outbound trust boundary is critical to preventing SSRF and credential leakage.
Suggested Resolution
We kindly request updating the axios dependency across the monorepo to ^1.16.1 (the current latest non-vulnerable version per Snyk and npm as of May 2026):
npm install axios@^1.16.1
This single upgrade resolves all three advisories immediately:
- 1.16.0 introduced fixes for CVE-2026-44492 and CVE-2026-44494.
- 1.15.2 resolved CVE-2026-44495 (included in 1.16.x).
No breaking API changes are expected between 1.13.x and 1.16.x as axios follows semantic versioning.
Thank you so much for your time, dedication, and prompt attention to keeping Twenty secure!
Best regards, Dipesh
Security dependency bump to fix known axios proxy bypass CVEs; typically limited to package manifests and lockfile updates.
- packages/twenty-server/package.json
- packages/twenty-front/package.json
- yarn.lock
- package.json