HIGH SeverityCVSS 3.17.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CVE-2026-41432

Last updated May 08, 2026 · Published May 08, 2026

Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. This issue has been patched in version 0.12.10.

Affected products

1 listed

QuantumNous:new-api

Mappings

CWE

CWE-1188CWE-345CWE-863

CAPEC

None listed.

Guides

JWT Security Best PracticesWhat to validate, rotate, and avoid in real systems.
Secure Webhook VerificationSignature validation, replay protection, and idempotency.
Webhook Replay Attack ProtectionTime windows, nonces, and storage strategies.

Training

Secure Defaults in Modern FrameworksHow Rails, Next.js, Django, and Spring protect you - and where they don't.
Authorisation and Access ControlRBAC, ABAC, and privilege escalation patterns in real applications.

CVE-2026-41432

Description

Affected products

Mappings

Related