Advisories for Golang/Github.com/QuantumNous/New-Api package

2026

New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

The default SSRF protection configuration did not apply IP filtering to hostnames. With ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure notification URLs for Webhook, Bark, or Gotify notifications and point a hostname at an internal or metadata IP address.

New API is vulnerable to CSRF through user email binding

The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth identity. Affected endpoints included: GET /api/oauth/email/bind GET /api/oauth/wechat/bind

QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

The SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular (non-admin) user holding any valid API token can send a multimodal request to /v1/chat/completions, /v1/responses, or /v1/messages with 0.0.0.0 as the image/file URL host, bypassing the private-IP filter and causing the server to issue HTTP requests to localhost. This constitutes at minimum a blind SSRF; when the request is …

New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

A critical vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. The vulnerability stems from three compounding flaws: The Stripe webhook endpoint does not reject requests when StripeWebhookSecret is empty (the default). When the HMAC secret is empty, any attacker can compute valid webhook signatures, effectively bypassing signature verification entirely. The Recharge …

2025

new-api is vulnerable to SSRF Bypass

A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successfully access the intranet.