AWS Security Digest · Week 15 of 2026 · Apr 7-13, 2026 · 4 items
Axios CVE Looks Bad on Paper, Works Mostly Nowhere
A CVSS 9.9 in Axios chains prototype pollution into IMDSv2 credential theft. Node.js already blocks the technique at the runtime layer, so production Node apps are mostly safe. Browser apps and other runtimes are not. AWS also ships Project Glasswing with Anthropic and patches a Firecracker virtio-pci out-of-bounds write.
In this issue: 1 critical, 1 high, 2 medium
Highlights (4 items)
medium / Feature Launch
AWS Ships Project Glasswing with Anthropic
In "Building AI defenses at scale: before the threats emerge" (April 7), the AWS CISO formally introduced Project Glasswing, a joint research effort with Anthropic, and the Claude Mythos Preview, a frontier model tuned for vulnerability research. The post is also where AWS Security Agent's GA was publicly reaffirmed. For practitioners, Glasswing matters mostly as a forward-looking signal: AWS is positioning frontier reasoning models as the next generation of vulnerability discovery and assisted triage.
A CWE-113 header injection in Axios, chained with prototype pollution from any other dependency in the stack (qs, minimist, ini, body-parser, etc.), can be escalated into an IMDSv2 token request and full IAM credential theft.
The technique smuggles a PUT to the metadata service with the required X-aws-ec2-metadata-token-ttl-seconds header.
Real-world exploitability is constrained: Node.js has rejected CRLF in headers for years, so standard Node deployments are not realistically exploitable. Browser-side and non-Node runtimes are a different story. GitHub Security Advisory rates it CVSS 9.9.
An out-of-bounds write in Firecracker's virtio PCI transport could allow a local guest user with root privileges to crash the Firecracker VMM or potentially execute code on the host.
The attack works by modifying virtio queue configuration registers after device activation.
AWS explicitly states that no AWS services are impacted. If you cannot upgrade, the workaround is to start Firecracker with --enable-pci=false, at the cost of I/O performance.
Affected: Firecracker 1.13.0-1.14.3 and 1.15.0 (x86_64 and aarch64)
Fixed in: Firecracker 1.14.4 and 1.15.1
medium / Service Update
A Forensics-to-S3 Reference Framework
AWS published a step-by-step framework for forensic artifact collection that uses time-limited STS session policies and Step Functions automation to scope what an analyst can write into a forensic S3 bucket: no long-lived credentials, no over-broad PutObject. Worth bookmarking before the next IR engagement.
Tags: S3, Step Functions, IAM
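The scoping step the framework describes, as an added example rather than AWS's own code: an analyst assumes the IR role through STS with an inline session policy that narrows the session to s3:PutObject under one case prefix and a 15-minute lifetime. The role ARN, bucket name and the cases/<case-id>/ key layout are assumptions for this illustration.

```python
# Short-lived, prefix-scoped STS session for forensic S3 uploads (added example).
# Role ARN, bucket name and the cases/<case-id>/ key layout are placeholders
# chosen for this illustration, not values from the AWS post.
import json


def build_forensic_session_policy(bucket: str, case_id: str) -> dict:
    """Session policy allowing only new object writes under one case prefix.

    A session policy can only narrow what the assumed role already allows, so
    the role still needs s3:PutObject on the bucket; reads, deletes and other
    prefixes the role may allow are unavailable to the analyst's session.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WriteIntoCasePrefixOnly",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/cases/{case_id}/*",
        }],
    }


def assume_forensic_session(sts_client, role_arn: str, bucket: str, case_id: str,
                            analyst: str, duration_seconds: int = 900) -> dict:
    """Assume the IR role with the scoped policy and a bounded lifetime.

    sts_client is any object with a boto3-compatible assume_role() method.
    900 s is the STS minimum; the 1 h ceiling is this example's own choice.
    """
    if not 900 <= duration_seconds <= 3600:
        raise ValueError("forensic sessions must last between 15 min and 1 h")
    resp = sts_client.assume_role(
        RoleArn=role_arn,
        RoleSessionName=f"forensics-{case_id}-{analyst}"[:64],  # STS caps at 64
        Policy=json.dumps(build_forensic_session_policy(bucket, case_id)),
        DurationSeconds=duration_seconds,
        Tags=[{"Key": "CaseId", "Value": case_id}],  # visible in CloudTrail
    )
    return resp["Credentials"]


if __name__ == "__main__":
    import boto3  # only needed when run against a real account
    creds = assume_forensic_session(boto3.client("sts"),
                                    "arn:aws:iam::123456789012:role/ForensicsWriter",
                                    "forensic-evidence", "ir-2026-0142", "analyst")
    print("scoped credentials expire at", creds["Expiration"])
```

Pair this with a bucket policy that denies s3:DeleteObject to everyone but the evidence custodian, so the session credentials cannot remove what they wrote.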
Key Takeaway
CVE-2026-40175 in Axios is the kind of finding that's technically critical and operationally lukewarm: a 9.9 score that mostly does not work in production Node.js. But the IMDSv2-bypass technique is real, it will work somewhere, and it is a useful reminder to audit instance roles for blast radius. If an SSRF on one of your EC2 workloads can mint tokens, the access policy on those credentials is your last line of defense.
These weekly digests are a starting point. Contact us for tailored threat briefings, security assessments, and architectural guidance for your AWS environment.