CVE-2026-25802 in new-api
Summary
by MITRE • 02/24/2026
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting(XSS) when the model outputs items containing `` tag. Version 0.10.8-alpha.9 fixes the issue.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/24/2026
The vulnerability described in CVE-2026-25802 affects New API, a large language model gateway and artificial intelligence asset management system that serves as a centralized platform for handling AI workloads and model outputs. This system operates as an interface between users and various AI models, processing and rendering responses that may contain markdown formatted content. The specific flaw resides within the MarkdownRenderer.jsx component which is responsible for converting markdown text into HTML for display purposes. The vulnerability manifests when the system processes model outputs that contain html tags, creating a potential attack vector that could compromise user sessions and data integrity.
The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the MarkdownRenderer.jsx component. When processing model-generated content, the system fails to properly escape or filter html tags that may be present in the output, allowing malicious actors to inject arbitrary javascript code through specially crafted model responses. This unsafe operation directly maps to CWE-79 which defines Cross-Site Scripting vulnerabilities as a result of improper handling of untrusted data. The vulnerability specifically exploits the rendering process where user-supplied content is converted from markdown format to html without adequate security measures to prevent script execution. The issue occurs when the system encounters model outputs containing tag structures that can be interpreted as executable javascript code, creating a persistent threat vector that can be leveraged for session hijacking, data theft, or further system compromise.
The operational impact of this vulnerability extends beyond simple script execution as it represents a significant security risk within AI asset management systems where trust is placed in model outputs. Attackers could potentially inject malicious scripts that would execute in the context of other users' browsers, leading to session theft, data exfiltration, or even privilege escalation within the AI management environment. The vulnerability affects all versions prior to 0.10.8-alpha.9, meaning any deployment using earlier releases remains exposed to potential exploitation. Given that this is an AI gateway system, the implications are particularly severe as it could enable attackers to manipulate model outputs in ways that compromise the integrity of AI workflows and potentially influence decision-making processes that rely on these systems. The threat is amplified in environments where multiple users interact with the same AI asset management platform, as a single compromised session could affect an entire user base.
The remediation for this vulnerability was implemented in version 0.10.8-alpha.9 through proper input sanitization and output encoding mechanisms within the MarkdownRenderer.jsx component. This fix aligns with established security practices for preventing XSS vulnerabilities by ensuring that all user-supplied content is properly escaped before rendering. The solution should include comprehensive input validation that filters or removes potentially dangerous html elements and attributes from model outputs before they are processed by the markdown renderer. Organizations should implement a multi-layered approach to security that includes regular vulnerability assessments, input validation at multiple points in the system, and adherence to secure coding practices. The fix demonstrates the importance of maintaining up-to-date software versions and implementing proper security controls in AI systems where user interaction with model outputs creates potential attack surfaces. This vulnerability also highlights the need for security considerations in AI asset management platforms, as these systems often handle sensitive data and require robust protection against common web application vulnerabilities. The resolution process should include thorough testing to ensure that legitimate markdown formatting continues to function while eliminating the XSS risk, following the principle of least privilege and defense in depth strategies that are fundamental to secure system design.