CVE-2026-33655 in new-api
Summary
by MITRE • 07/10/2026
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticated users to configure Webhook, Bark, or Gotify notification URLs that point at an internal or metadata IP address. This issue is fixed in version 0.12.0-alpha.1.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/10/2026
This vulnerability resides within New API's LLM gateway and AI asset management system where a critical server-side request forgery flaw existed in versions prior to 0.12.0-alpha.1. The core technical issue stems from the default configuration that failed to implement proper IP address validation during hostname resolution, creating a significant security gap in the system's network protection mechanisms. The vulnerability manifests when the ApplyIPFilterForDomain setting remains disabled by default, which means that while domain allow/block rules are properly validated, the system does not perform reverse DNS resolution to verify that the resolved IP address falls within acceptable network boundaries.
The operational impact of this vulnerability is substantial as authenticated users can leverage this weakness to configure notification endpoints such as Webhook, Bark, or Gotify services that redirect traffic to internal network addresses or metadata service endpoints. This allows attackers who have gained authentication access to potentially exfiltrate sensitive information from internal systems, perform reconnaissance on internal infrastructure, or even establish command and control channels through the compromised notification system. The vulnerability essentially creates an unauthorized pathway for internal network traversal, bypassing standard firewall and network segmentation controls that would normally prevent external access to internal resources.
From a cybersecurity perspective, this issue maps directly to CWE-918 Server-Side Request Forgery and aligns with ATT&CK technique T1071.004 Application Layer Protocol: DNS where adversaries exploit application-level protocols to gain unauthorized access to internal systems. The flaw represents a classic case of insufficient input validation combined with inadequate network boundary enforcement, allowing attackers to manipulate the system's trust relationships with internal services.
The mitigation strategy involves upgrading to version 0.12.0-alpha.1 or later where the default configuration properly enables IP filtering for domain resolution. Organizations should also implement additional security controls including network segmentation, strict firewall rules limiting outbound connections from the API gateway, and monitoring for unusual notification endpoint configurations. Security teams should conduct thorough audits of all notification system configurations to identify and remediate any existing maliciously configured endpoints while implementing principle of least privilege access controls for authentication mechanisms that can modify notification settings.