CVE-2026-9306 in new-apiinformação

Sumário

de MITRE • 23/05/2026

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulDB

Divulgação

23/05/2026

Moderação

aceite

Entrada

VDB-365253

CPE

pronto

CWE

CWE-639 (confirmado)

Exploração

Descarregar

CVSS

3.7 (VulDB)

EPSS

0.00039

KEV

não

Atividades

muito baixo

Sector

Pharma, Agriculture, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9306
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9306
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9306/

◂ Voltar Visão Geral Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!