Security: Remediate CVE-2026-40175 — Upgrade axios to >= 1.15.0

## Summary

**CVE:** CVE-2026-40175 | **Severity:** CRITICAL (CVSS 10.0) | **Fix:** `axios >= 1.15.0`

## What is it?
`axios` is vulnerable to a "Gadget" attack chain. Prototype Pollution in any dependency can be escalated to RCE or full cloud compromise via AWS IMDSv2 bypass. Public PoC exists. Wiz flagged `isHighProfileThreat: true` and `hasExploit: true`.

## Affected path
Detected in `frontend/yarn.lock` on branch `mantra-cosmwasm` — axios `1.6.5` via transitive deps.

## Remediation
1. Run `yarn why axios` in the `frontend/` directory to find all instances
2. Add a `resolutions` field to `frontend/package.json`:
   ```json
   "resolutions": { "axios": ">=1.15.0" }
   ```
3. Run `yarn install` to regenerate the lock file
4. Confirm all versions resolve to `>= 1.15.0`
5. Open PR

## References
- [axios v1.15.0 Release Notes](https://github.com/axios/axios/releases/tag/v1.15.0)
- [GHSA-fvcv-3m26-pcqx](https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx)
- [Wiz Findings](https://app.wiz.io/findings/vulnerability-findings#%7E%28filters%7E%28status%7E%28equals%7E%28%7E%27OPEN%29%29%7EvulnerabilityExternalId%7E%28equals%7E%28%7E%27CVE-2026-40175%29%29%29%29)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Remediate CVE-2026-40175 — Upgrade axios to >= 1.15.0 #14

Summary

What is it?

Affected path

Remediation

References

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Security: Remediate CVE-2026-40175 — Upgrade axios to >= 1.15.0 #14

Description

Summary

What is it?

Affected path

Remediation

References

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions