Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting(XSS) when the model outputs items containing `<script>` tag. Version 0.10.8-alpha.9 fixes the issue.

INFO

Published Date :

2026-02-24T00:42:45.515Z

Last Modified :

2026-02-26T14:58:43.459Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25802 vulnerability.

Vendors Products
Newapi
  • New Api
Quantumnous
  • New-api
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25802.

URL Resource
https://github.com/QuantumNous/new-api/commit/ab5456eb1049aa8a0f3e51f359907ec7fff38b4b cve-icon cve-icon
https://github.com/QuantumNous/new-api/security/advisories/GHSA-299v-8pq9-5gjq cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact