Vulnerability Description
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. This issue has been patched in version 0.12.10.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Newapi | New Api | < 0.12.10 |
Related Weaknesses (CWE)
References
- https://github.com/QuantumNous/new-api/releases/tag/v0.12.10ProductRelease Notes
- https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4ExploitMitigationVendor Advisory
- https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4ExploitMitigationVendor Advisory
FAQ
What is CVE-2026-41432?
CVE-2026-41432 is a vulnerability with a CVSS score of 7.1 (HIGH). New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an u...
How severe is CVE-2026-41432?
CVE-2026-41432 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41432?
Check the references section above for vendor advisories and patch information. Affected products include: Newapi New Api.