VYPR
Moderate severity · NVD Advisory · Published Mar 23, 2026 · Updated Mar 25, 2026

New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check

CVE-2026-30886

Description

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (GET /v1/videos/:task_id/content) allows any authenticated user to access video content belonging to other users and causes the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The missing authorization check is a single function call: model.GetByOnlyTaskId(taskID) queries by task_id alone with no user_id filter, while every other task lookup in the codebase enforces ownership via model.GetByTaskId(userId, taskID). Version 0.11.4-alpha.2 contains a patch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IDOR in New API's video proxy lets authenticated users access other users' videos and use their AI provider credentials, patched in 0.11.4-alpha.2.

CVE-2026-30886 is an Insecure Direct Object Reference (IDOR) vulnerability in the New API LLM gateway and AI asset management system. The vulnerability exists in the video proxy endpoint (GET /v1/videos/:task_id/content). The root cause is that the handler uses model.GetByOnlyTaskId(taskID) which queries by task_id alone without verifying user ownership, whereas all other task lookups use model.GetByTaskId(userId, taskID) that enforces ownership [2][3].

To exploit this, an authenticated attacker only needs to know another user's valid task_id. The attacker can then send a request to the endpoint with their own authentication token and the victim's task ID, bypassing tenant isolation. The server will fetch the task and return the video content, and for tasks using upstream AI providers like Gemini or OpenAI, it will use credentials (e.g., task.PrivateData.Key) associated with the victim's task to authenticate to the upstream provider [3].

The impact includes unauthorized access to video content of other users, exposure of sensitive AI API credentials, and potential abuse of upstream AI services on behalf of the victim. For Gemini tasks, full upstream response headers are also forwarded to the requester, potentially leaking additional information [3].

The vulnerability affects versions prior to 0.11.4-alpha.2. The fix is implemented in commit 50ec2bac6b341e651fc9ac4344e3bd2cdaeafdbd, which changes the task retrieval to include the user ID from the request context, ensuring ownership is checked [4]. Users are advised to upgrade to the patched version [1][3].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                              Ecosystem   Affected versions     Patched versions
github.com/QuantumNous/new-api       Go          < 0.11.4-alpha.2      0.11.4-alpha.2

Affected products (1)

  • QuantumNous/new-apiv5
    Range: < 0.11.4-alpha.2

Patches (1)

50ec2bac6b34

fix(video_proxy): update task retrieval to include user ID for improved context

1 file changed · +2 −1
  • controller/video_proxy.go · +2 −1 · modified
    @@ -35,7 +35,8 @@ func VideoProxy(c *gin.Context) {
     		return
     	}
     
    -	task, exists, err := model.GetByOnlyTaskId(taskID)
    +	userID := c.GetInt("id")
    +	task, exists, err := model.GetByTaskId(userID, taskID)
     	if err != nil {
     		logger.LogError(c.Request.Context(), fmt.Sprintf("Failed to query task %s: %s", taskID, err.Error()))
     		videoProxyError(c, http.StatusInternalServerError, "server_error", "Failed to query task")
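Review bot: `userID := c.GetInt("id")` silently yields 0 when the key is absent from the gin context, so any route that reaches VideoProxy without the auth middleware having set "id" would now query GetByTaskId(0, taskID) instead of being rejected; prefer `userID, ok := c.Get("id")` (or check `userID == 0`) and return 401 before the lookup so a misconfigured route fails closed rather than relying on no task row ever carrying user_id 0. Since the `exists` branch below this hunk is what now carries the authorization decision, a regression test asserting that a second user's token gets the not-found path for this task_id would pin the behaviour the commit message describes.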
    

Vulnerability mechanics

Root cause

"Missing user ownership check in the video proxy endpoint — `model.GetByOnlyTaskId(taskID)` queries by task_id alone without filtering by user_id, allowing any authenticated user to access another user's video task."

Attack vector

An authenticated attacker calls `GET /v1/videos/:task_id/content` with a `task_id` that belongs to another user. Because the handler uses `model.GetByOnlyTaskId(taskID)` [patch_id=442691] instead of the ownership-enforcing `model.GetByTaskId(userId, taskID)`, the server returns the victim's video content and, more critically, derives upstream AI provider credentials (Google Gemini, OpenAI) from the victim's task. The attacker needs only a valid session token; no special privileges or configuration changes are required.

Affected code

The vulnerability resides in `controller/video_proxy.go` in the `VideoProxy` function. The handler calls `model.GetByOnlyTaskId(taskID)` to look up a task by its ID alone, without any user ownership filter. Every other task-lookup in the codebase uses `model.GetByTaskId(userId, taskID)`, which enforces that the task belongs to the requesting user.

What the fix does

The patch replaces `model.GetByOnlyTaskId(taskID)` with `model.GetByTaskId(userID, taskID)` [patch_id=442691], adding the caller's `userID` (obtained via `c.GetInt("id")`) as a filter parameter. This aligns the video proxy lookup with every other task-lookup in the codebase, which already enforces ownership. The change closes the IDOR by ensuring the query returns a task only if it belongs to the requesting user.
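The two lookups side by side, as an added example that is not code from the New API project: an in-memory model exposes GetByOnlyTaskId and GetByTaskId with the shapes the advisory names, a net/http handler stands in for the gin VideoProxy handler (the gin context value "id" becomes a request-context value), and everything else (the X-User header, the user and task tables, the task fields and the "sk-alice-gemini" key) is constructed for the example. It also adds the fail-closed check on a missing user id that the visible hunk does not, since a zero id must never be allowed to act as a filter value.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Task is a constructed stand-in for a New API video task row (field names assumed, not the project's schema).
type Task struct {
	TaskID     string
	UserID     int
	PrivateKey string // upstream provider credential stored with the task
}

type taskStore struct{ tasks map[string]Task } // in-memory model layer
type ctxKey struct{}                           // request-context key for the caller's user id

// GetByOnlyTaskId mirrors the vulnerable lookup: task_id alone, no user filter.
func (s *taskStore) GetByOnlyTaskId(taskID string) (Task, bool) {
	t, ok := s.tasks[taskID]
	return t, ok
}

// GetByTaskId mirrors the ownership-enforcing lookup: (user_id, task_id).
func (s *taskStore) GetByTaskId(userID int, taskID string) (Task, bool) {
	t, ok := s.tasks[taskID]
	if !ok || t.UserID != userID {
		return Task{}, false
	}
	return t, true
}

// authMiddleware stands in for session auth: a constructed X-User header maps to a user id in the context.
func authMiddleware(users map[string]int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		uid, ok := users[r.Header.Get("X-User")]
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, uid)))
	})
}

// videoProxy serves GET /v1/videos/{task_id}/content; enforceOwner=false is the pre-fix lookup, true the fixed one.
func videoProxy(store *taskStore, enforceOwner bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		taskID := strings.TrimSuffix(strings.TrimPrefix(r.URL.Path, "/v1/videos/"), "/content")
		var task Task
		var exists bool
		if enforceOwner {
			// Fail closed on a missing id: gin's c.GetInt("id") would return 0 here.
			userID, ok := r.Context().Value(ctxKey{}).(int)
			if !ok || userID == 0 {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			task, exists = store.GetByTaskId(userID, taskID)
		} else {
			task, exists = store.GetByOnlyTaskId(taskID)
		}
		if !exists {
			http.NotFound(w, r) // same answer for "no such task" and "not yours"
			return
		}
		// The real handler would call the upstream provider with this key; echoing it shows whose credential was used.
		fmt.Fprintf(w, "video %s fetched with key %s", task.TaskID, task.PrivateKey)
	}
}

// FetchAs returns the status and body the named caller gets for a task id.
func FetchAs(h http.Handler, user, taskID string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/v1/videos/"+taskID+"/content", nil)
	req.Header.Set("X-User", user)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

// Demo: alice owns t-1, bob is another tenant; returns bob's body and status before the fix, then bob's and alice's status after it.
func Demo() (vulnBody string, vulnStatus, fixedStatus, ownerStatus int) {
	store := &taskStore{tasks: map[string]Task{
		"t-1": {TaskID: "t-1", UserID: 1, PrivateKey: "sk-alice-gemini"},
	}}
	users := map[string]int{"alice": 1, "bob": 2}
	vuln := authMiddleware(users, videoProxy(store, false))
	fixed := authMiddleware(users, videoProxy(store, true))
	vulnStatus, vulnBody = FetchAs(vuln, "bob", "t-1")
	fixedStatus, _ = FetchAs(fixed, "bob", "t-1")
	ownerStatus, _ = FetchAs(fixed, "alice", "t-1")
	return
}

func main() {
	body, v, f, o := Demo()
	fmt.Printf("bob before: %d %q\nbob after: %d\nalice after: %d\n", v, body, f, o)
}
```

Running it shows bob receiving alice's video together with alice's provider key from the pre-fix handler (200), the fixed handler answering bob with 404 while alice still gets 200, and a request that reaches the fixed handler with no user id in the context being rejected with 401 instead of being matched against user 0. Answering the same 404 for "not yours" and "does not exist" is deliberate: a distinct 403 would let an attacker enumerate which task ids are live.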

Preconditions

  • auth: Attacker must be an authenticated user of the New-API system (valid session token).
  • input: Attacker must know or guess a valid task_id belonging to another user.

Generated on May 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (4)

Cited inline above as [1] through [4]; the reference entries themselves are not reproduced on this page.

News mentions (0)

No linked articles in our index yet.