Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. As of time of publication, no known patched versions are available. Until a patched release is applied, do not rely on passkey as the step-up method for privileged secure-verification actions; require TOTP/2FA for those actions where operationally possible; or temporarily restrict access to affected secure-verification-protected endpoints.
AnalysisAI
A logic flaw in New API's universal secure verification flow allows authenticated users with registered passkeys to bypass WebAuthn assertion completion, effectively circumventing step-up authentication for privileged actions. This affects New API versions 0.10.0 and later, enabling authenticated attackers with passkey enrollment to access sensitive functionality without completing proper cryptographic verification. No patched versions are currently available, making this an unresolved authentication bypass affecting all current deployments.
Technical ContextAI
New API (QuantumNous/new-api) is an LLM gateway and AI asset management system that implements WebAuthn-based passkey authentication as a second factor for privileged operations. The vulnerability resides in CWE-287 (Improper Authentication), specifically in the secure verification workflow logic that validates passkey attestation. Rather than requiring completion of a WebAuthn assertion challenge-response cycle, the flawed logic permits authenticated users to satisfy the verification requirement through an incomplete or bypassed assertion flow. This affects the CPE cpe:2.3:a:quantumnous:new-api:*:*:*:*:*:*:*:* across all versions from 0.10.0 forward, impacting the cryptographic validation layer that should enforce multi-factor authentication for sensitive operations.
RemediationAI
A permanent patch is not yet available for New API. Until a patched release is published, implement the following compensating controls: (1) do not rely on passkey as the sole step-up authentication method for privileged secure-verification actions; (2) require TOTP or hardware-based 2FA (such as time-based one-time passwords or hardware security keys with independent attestation) for all sensitive operations where operationally feasible; (3) temporarily restrict network access to affected secure-verification-protected endpoints to trusted administrative ranges or use reverse proxy authentication in front of the gateway; (4) monitor authentication logs for passkey-based verification attempts and cross-correlate with sensitive action logs to detect exploitation attempts. Subscribe to the GitHub Security Advisory (https://github.com/QuantumNous/new-api/security/advisories/GHSA-5353-f8fq-65vc) for patch availability notifications.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14522
GHSA-5353-f8fq-65vc