VYPR
Moderate severity · NVD Advisory · Published Mar 23, 2026 · Updated Mar 24, 2026

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

CVE-2026-32879

Description

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. As of time of publication, no known patched versions are available. Until a patched release is applied, do not rely on passkey as the step-up method for privileged secure-verification actions; require TOTP/2FA for those actions where operationally possible; or temporarily restrict access to affected secure-verification-protected endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated users with a registered passkey can bypass WebAuthn assertion to satisfy secure verification in New API, compromising protected endpoints like channel secret retrieval.

A logic flaw exists in the universal secure verification flow of New API, an LLM gateway and AI asset management system, starting from version 0.10.0. The vulnerability lies in the POST /api/verify endpoint, which supports multiple secure verification methods including passkeys. When a request body contains {"method":"passkey"}, the server only checks whether the authenticated account has a passkey record on file and then marks the secure verification session as complete. It does not verify that the requester successfully completed a WebAuthn assertion, thus failing to enforce proper authentication for step-up verification [1][2].

The attack surface is limited to authenticated users who already have a valid session and a registered passkey on their account. The attacker can satisfy the secure verification requirement without performing the intended passkey challenge/response flow, defeating the step-up control for actions protected by `SecureVerificationRequired[]` [2]. No full login bypass or cross-account escalation is indicated, but the issue directly impacts privileged endpoints such as the root-only POST /api/channel/:id/key, which returns stored channel secrets [2].

Successful exploitation allows an authenticated user to bypass the intended step-up verification and gain access to sensitive operations that should require stronger authentication. In the upstream project, the primary impact is confirmed for the channel secret disclosure endpoint, where an attacker could retrieve stored secrets without completing the required assertion [2].

As of publication, no patched version has been released [2]. Workarounds include avoiding reliance on passkey as the step-up method for privileged secure-verification actions, requiring TOTP/2FA for those actions where operationally possible, or temporarily restricting access to affected endpoints protected by secure verification [2].
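To make the flaw described above concrete from the defender's side, here is an added Go illustration of a step-up ("secure verification") handler in its flawed and corrected forms. It is not New API's code; the types, function names, the session fields, the TOTP fixture and the time windows are all assumptions made for the example. The flawed path accepts `{"method":"passkey"}` as soon as a passkey record exists, as the advisory describes; the corrected path only accepts it when the WebAuthn finish handler has already recorded a fresh assertion in this same session, and consumes that record so it cannot be reused. A small gate for a root-only secret endpoint shows that both the role check and a live step-up window are required.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// Added illustration, not New API's code. All type and function names are assumptions.

// VerifyRequest is the body of a hypothetical POST /api/verify.
type VerifyRequest struct {
	Method string // "passkey" or "totp"
	Code   string // TOTP code, only meaningful for "totp"
}

// Session is the server-side state for one authenticated user.
type Session struct {
	UserID              string
	PasskeyRegistered   bool      // account has a passkey credential on file
	AssertionVerifiedAt time.Time // set only by the WebAuthn finish handler after a valid assertion in this session
	SecureVerifiedUntil time.Time // step-up window granted by /api/verify
}

const (
	stepUpWindow       = 5 * time.Minute // how long a completed step-up stays valid (assumed)
	assertionFreshness = 2 * time.Minute // how old a verified assertion may be when consumed (assumed)
)

var ErrDenied = errors.New("secure verification denied")

// totpCodes is a constructed fixture standing in for a real TOTP check.
var totpCodes = map[string]string{"alice": "492817"}

func totpValid(userID, code string) bool {
	want, ok := totpCodes[userID]
	return ok && subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1
}

// VulnerableVerify reproduces the advisory's flaw: "passkey" is accepted as soon as a
// passkey record exists, with no check that a WebAuthn assertion was completed.
func VulnerableVerify(req VerifyRequest, s *Session, now time.Time) error {
	switch req.Method {
	case "passkey":
		if !s.PasskeyRegistered {
			return ErrDenied
		}
		s.SecureVerifiedUntil = now.Add(stepUpWindow) // granted without an assertion
		return nil
	case "totp":
		if !totpValid(s.UserID, req.Code) {
			return ErrDenied
		}
		s.SecureVerifiedUntil = now.Add(stepUpWindow)
		return nil
	}
	return ErrDenied
}

// HardenedVerify requires proof of a completed, fresh assertion bound to this session,
// and consumes it so the same assertion cannot satisfy a second step-up.
func HardenedVerify(req VerifyRequest, s *Session, now time.Time) error {
	switch req.Method {
	case "passkey":
		if !s.PasskeyRegistered || s.AssertionVerifiedAt.IsZero() {
			return ErrDenied
		}
		if now.Sub(s.AssertionVerifiedAt) > assertionFreshness {
			s.AssertionVerifiedAt = time.Time{} // stale: discard rather than accept
			return ErrDenied
		}
		s.AssertionVerifiedAt = time.Time{} // one-time use
		s.SecureVerifiedUntil = now.Add(stepUpWindow)
		return nil
	case "totp":
		if !totpValid(s.UserID, req.Code) {
			return ErrDenied
		}
		s.SecureVerifiedUntil = now.Add(stepUpWindow)
		return nil
	}
	return ErrDenied
}

// ChannelKeyAllowed models the gate in front of a root-only secret-disclosure endpoint:
// both the role check and a live step-up window are required.
func ChannelKeyAllowed(s *Session, isRoot bool, now time.Time) bool {
	return isRoot && now.Before(s.SecureVerifiedUntil)
}

func main() {
	now := time.Now()
	v := &Session{UserID: "alice", PasskeyRegistered: true}
	fmt.Println("vulnerable, no assertion: ", VulnerableVerify(VerifyRequest{Method: "passkey"}, v, now))
	h := &Session{UserID: "alice", PasskeyRegistered: true}
	fmt.Println("hardened, no assertion:   ", HardenedVerify(VerifyRequest{Method: "passkey"}, h, now))
	h.AssertionVerifiedAt = now.Add(-20 * time.Second) // what the WebAuthn finish handler would record
	fmt.Println("hardened, fresh assertion:", HardenedVerify(VerifyRequest{Method: "passkey"}, h, now))
	fmt.Println("root may read channel key:", ChannelKeyAllowed(h, true, now))
}
```

The design point is that the `/api/verify` handler must never be the place where possession of a passkey is judged; it should only consume evidence that a separate, challenge-bound assertion verification already succeeded for this session, with a short freshness window and single use. A review of any step-up handler should ask the same question the advisory raises: for each accepted method, what server-side fact proves the user actually completed that method just now?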

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/QuantumNous/new-api (Go)
Affected versions: >= 0.10.0, <= 0.11.9-alpha.1
Patched versions: none

Affected products (1)

  • QuantumNous/new-apiv5
    Range: >= 0.10.0, <= 0.11.9-alpha.1

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (2)

News mentions (0)

No linked articles in our index yet.