{"api_version":"1","generated_at":"2026-07-17T14:07:32+00:00","cve":"CVE-2026-33655","urls":{"html":"https://cve.report/CVE-2026-33655","api":"https://cve.report/api/cve/CVE-2026-33655.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-33655","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-33655"},"summary":{"title":"New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs","description":"New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticated users to configure Webhook, Bark, or Gotify notification URLs that point at an internal or metadata IP address. This issue is fixed in version 0.12.0-alpha.1.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-07-09 23:17:04","updated_at":"2026-07-16 16:36:20"},"problem_types":["CWE-918","CWE-918 CWE-918: Server-Side Request Forgery (SSRF)"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"7.7","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.7","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/QuantumNous/new-api/commit/20399d3c8fcb4e3649d53163eb11940fd6763743","name":"https://github.com/QuantumNous/new-api/commit/20399d3c8fcb4e3649d53163eb11940fd6763743","refsource":"security-advisories@github.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/QuantumNous/new-api/releases/tag/v0.12.0-alpha.1","name":"https://github.com/QuantumNous/new-api/releases/tag/v0.12.0-alpha.1","refsource":"security-advisories@github.com","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/QuantumNous/new-api/security/advisories/GHSA-6qcr-qxgr-m7fv","name":"https://github.com/QuantumNous/new-api/security/advisories/GHSA-6qcr-qxgr-m7fv","refsource":"security-advisories@github.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-33655","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33655","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"QuantumNous","product":"new-api","version":"affected < 0.12.0-alpha.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"33655","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"newapi","cpe5":"new_api","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"33655","cve":"CVE-2026-33655","epss":"0.004370000","percentile":"0.354100000","score_date":"2026-07-16","updated_at":"2026-07-17 00:05:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-33655","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-10T14:16:34.619775Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-10T14:16:49.910Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"new-api","vendor":"QuantumNous","versions":[{"status":"affected","version":"< 0.12.0-alpha.1"}]}],"descriptions":[{"lang":"en","value":"New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticated users to configure Webhook, Bark, or Gotify notification URLs that point at an internal or metadata IP address. This issue is fixed in version 0.12.0-alpha.1."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-918","description":"CWE-918: Server-Side Request Forgery (SSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-09T22:28:46.992Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/QuantumNous/new-api/security/advisories/GHSA-6qcr-qxgr-m7fv","tags":["x_refsource_CONFIRM"],"url":"https://github.com/QuantumNous/new-api/security/advisories/GHSA-6qcr-qxgr-m7fv"},{"name":"https://github.com/QuantumNous/new-api/commit/20399d3c8fcb4e3649d53163eb11940fd6763743","tags":["x_refsource_MISC"],"url":"https://github.com/QuantumNous/new-api/commit/20399d3c8fcb4e3649d53163eb11940fd6763743"},{"name":"https://github.com/QuantumNous/new-api/releases/tag/v0.12.0-alpha.1","tags":["x_refsource_MISC"],"url":"https://github.com/QuantumNous/new-api/releases/tag/v0.12.0-alpha.1"}],"source":{"advisory":"GHSA-6qcr-qxgr-m7fv","discovery":"UNKNOWN"},"title":"New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-33655","datePublished":"2026-07-09T22:28:46.992Z","dateReserved":"2026-03-23T15:23:42.218Z","dateUpdated":"2026-07-10T14:16:49.910Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-09 23:17:04","lastModifiedDate":"2026-07-16 16:36:20","problem_types":["CWE-918","CWE-918 CWE-918: Server-Side Request Forgery (SSRF)"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:16:34.619775Z","id":"CVE-2026-33655","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:newapi:new_api:*:*:*:*:*:*:*:*","versionEndExcluding":"0.12.0","matchCriteriaId":"A595535A-9567-45DD-B891-0A8B18D7D574"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"33655","Ordinal":"1","Title":"New API: SSRF Protection Bypass via Unresolved Hostname in Notif","CVE":"CVE-2026-33655","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"33655","Ordinal":"1","NoteData":"New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticated users to configure Webhook, Bark, or Gotify notification URLs that point at an internal or metadata IP address. This issue is fixed in version 0.12.0-alpha.1.","Type":"Description","Title":"New API: SSRF Protection Bypass via Unresolved Hostname in Notif"}]}}}