WRITEUP

WRITEUP

Exploit for CVE-2026-21697 - axios4go <0.6.4 - RCE

AI Analysis

This patch fixes a security issue in the axios4go client by ensuring that HTTP client configurations (timeout, redirect handling, and transport) are properly isolated per request, preventing potential request smuggling or state leakage between requests.

Attack Type

other

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1189 - Drive-by Compromise

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/rezmoss/axios4go/commit/b651604c64e66a115ab90cdab358b0181d74a842

Authors

Rez Moss

Vulnerability

CVE-2026-21697

axios4go <0.6.4 - RCE

HIGH

CVSS 8.1