Authentication Bypass by Assumed-Immutable Data

Overview Affected versions of this package are vulnerable to Authentication Bypass by Assumed-Immutable Data in the step-up verification process. An attacker can gain unauthorized access to root-only channel secrets by bypassing authentication mechanisms using passkey-based methods. Remediation...

GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api...

EUVD-2026-14522

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure...

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVE-2026-32879

CVE-2026-32879 affects New API (LLM gateway/AI asset management). Beginning with version 0.10.0, a logic flaw in the universal secure verification flow lets an authenticated user with a registered passkey satisfy secure verification without completing a WebAuthn assertion. Exploitation status is ...