ByteOS Network

NVD Vulnerability Details :

CVE-2026-41432

Undergoing Analysis

Source-security-advisories@github.com

Published At-08 May, 2026 | 23:16

Updated At-13 May, 2026 | 18:29

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. This issue has been patched in version 0.12.10.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Weaknesses

CWE ID	Type	Source
CWE-345	Secondary	security-advisories@github.com
CWE-863	Secondary	security-advisories@github.com
CWE-1188	Secondary	security-advisories@github.com

CWE ID: CWE-345

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-863

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-1188

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/QuantumNous/new-api/releases/tag/v0.12.10	security-advisories@github.com	N/A
https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4	security-advisories@github.com	N/A
https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A