VYPR
High severityNVD Advisory· Published Feb 24, 2026· Updated Feb 26, 2026

New API has Potential XSS in its MarkdownRenderer component

CVE-2026-25802

Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting(XSS) when the model outputs items containing `` tag. Version 0.10.8-alpha.9 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/QuantumNous/new-apiGo
< 0.10.8-alpha.90.10.8-alpha.9

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.