CVE-2026-33655 in new-apiالمعلومات

الملخص

بحسب MITRE • 10/07/2026

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticated users to configure Webhook, Bark, or Gotify notification URLs that point at an internal or metadata IP address. This issue is fixed in version 0.12.0-alpha.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

GitHub M

حجز

23/03/2026

إفشاء

10/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377364

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you know our Splunk app?

Download it now for free!