CVE-2026-25802

High CVSS: 7.6

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting(XSS) when the model outputs items containing `<script>` tag. Version 0.10.8-alpha.9 fixes the issue.

Vendor

Newapi

Product

New Api

CWE

CWE-79

Yayın Tarihi

2026-02-24 01:16:14

Güncelleme

2026-02-25 20:17:51

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 New Api HIGH Newapi 2026

Referanslar

https://github.com/QuantumNous/new-api/commit/ab5456eb1049aa8a0f3e51f359907ec7fff38b4b https://github.com/QuantumNous/new-api/security/advisories/GHSA-299v-8pq9-5gjq

Benzer Kayıtlar

Medium

CVE-2026-32879

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Starting in ver…

Medium

CVE-2026-30886

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to versio…

High

CVE-2026-25591

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to versio…

High

CVE-2025-55573

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).