Skip to main content

Google CVE-2026-30886

| EUVDEUVD-2026-14518 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-03-23 GitHub_M GHSA-f35r-v9x5-r8mc
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 23, 2026 - 19:45 euvd
EUVD-2026-14518
Analysis Generated
Mar 23, 2026 - 19:45 vuln.today
CVE Published
Mar 23, 2026 - 19:18 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (GET /v1/videos/:task_id/content) allows any authenticated user to access video content belonging to other users and causes the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The missing authorization check is a single function call - model.GetByOnlyTaskId(taskID) queries by task_id alone with no user_id filter, while every other task-lookup in the codebase enforces ownership via model.GetByTaskId(userId, taskID). Version 0.11.4-alpha.2 contains a patch.

AnalysisAI

An Insecure Direct Object Reference (IDOR) vulnerability exists in New API versions prior to 0.11.4-alpha.2, a large language model gateway and AI asset management system. Authenticated users can bypass authorization checks on the video proxy endpoint (GET /v1/videos/:task_id/content) to access video content belonging to other users and cause the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The vulnerability stems from a single unguarded function call that queries tasks by task_id alone without validating user ownership, contrasting sharply with all other task-lookup functions in the codebase that properly enforce ownership checks.

Technical ContextAI

New API (cpe:2.3:a:quantumnous:new-api:*:*:*:*:*:*:*:*) is an LLM gateway and AI asset management platform that proxies requests to upstream AI providers. The vulnerability is rooted in CWE-639 (Authorization Bypass Through User-Controlled Key), a classic authorization flaw where the application trusts client-supplied identifiers without validating ownership. The affected endpoint uses the function model.GetByOnlyTaskId(taskID) which queries the database by task_id parameter alone, whereas the security-correct pattern used elsewhere in the codebase is model.GetByTaskId(userId, taskID), which includes both the user context and task identifier. This inconsistency allows an attacker to construct requests with arbitrary task_id values, bypassing the intended multi-tenant isolation and gaining access to video content and associated provider credentials not belonging to them.

RemediationAI

Upgrade New API to version 0.11.4-alpha.2 or later immediately, which contains the authorization bypass patch. Verify the patch by checking commit 50ec2bac6b341e651fc9ac4344e3bd2cdaeafdbd in the repository (https://github.com/QuantumNous/new-api/commit/50ec2bac6b341e651fc9ac4344e3bd2cdaeafdbd). As an interim mitigation prior to patching, implement network-level access controls restricting the video proxy endpoint (GET /v1/videos/:task_id/content) to trusted clients or disable the endpoint if not in use. Additionally, audit access logs for the affected endpoint to identify any unauthorized task_id access patterns, and consider rotating AI provider credentials (Google Gemini, OpenAI API keys) if the system handles sensitive workloads. Implement application-level rate limiting and monitoring on the video proxy endpoint to detect anomalous access patterns that may indicate exploitation attempts.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-30886 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy