CVE-2026-25802
Cross-Site Scripting in New API MarkdownRenderer Component

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potentially unsafe operation occurs in the component `MarkdownRenderer.jsx`, allowing Cross-Site Scripting (XSS) when the model outputs content containing a `<script>` tag. Version 0.10.8-alpha.9 fixes the issue.
Meta Information
Published: 2026-02-24
Last Modified: 2026-02-25
Generated: 2026-05-27
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-05-25
NVD
Affected Vendors & Products
Showing 9 associated CPEs

Vendor   Product   Version / Range
newapi   new_api   to 0.10.8 (exc)
newapi   new_api   0.10.8
newapi   new_api   0.10.8
newapi   new_api   0.10.8
newapi   new_api   0.10.8
newapi   new_api   0.10.8
newapi   new_api   0.10.8
newapi   new_api   0.10.8
newapi   new_api   0.10.8
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25802 is a high-severity Cross-Site Scripting (XSS) vulnerability found in the MarkdownRenderer component of the QuantumNous new-api project before version 0.10.8-alpha.9.

The issue occurs because the component uses React's dangerouslySetInnerHTML to render HTML output generated by the AI model without sanitizing it. This allows malicious scripts, such as injected <script> tags, to execute in the user's browser.

An example exploit involves prompting the model to generate a script that redirects the browser to another site like google.com without user consent. [1]


How can this vulnerability impact me?

This vulnerability can lead to malicious scripts running in your browser when interacting with the affected playground feature of the new-api.

Such scripts can perform unauthorized actions like redirecting your browser to malicious sites, potentially compromising your session or data integrity.

Because the exploit can be stored in chat records, it may persist and re-trigger when reopening the affected pages, making it difficult to remove.

Overall, it impacts the integrity of your interactions and availability of the service, with a CVSS score indicating high severity.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing if the MarkdownRenderer component renders unsanitized HTML containing script tags, which leads to Cross-Site Scripting (XSS). A proof-of-concept involves prompting the model with a phrase that causes it to output a script tag, such as a request to write a script that redirects the browser to another site.

To detect this on your system, you can attempt to input or simulate AI-generated content containing <script> tags in the playground environment and observe if the script executes in the browser.

There are no specific command-line tools or commands provided in the resources for automated detection, but manual testing by injecting payloads like <script>alert('XSS')</script> in the playground input and monitoring browser behavior can reveal the vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the New API software to version 0.10.8-alpha.9 or later, where the vulnerability is fixed.

If upgrading is not immediately possible, a suggested workaround is to render the AI-generated HTML preview inside a sandboxed iframe to block script execution and sanitize dangerous HTML strings before rendering.

- Replace usage of React's dangerouslySetInnerHTML with a sandboxed iframe component that restricts script execution.
- Escape HTML entities in AI-generated content to prevent injection of executable code.

These mitigations reduce the risk of XSS attacks by preventing malicious scripts from executing in the user's browser. [1, 2]
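The two workarounds above (entity-escaping the model output, and isolating the preview in a sandboxed iframe) are easiest to compare side by side with the vulnerable pattern. The following is an added example written for this page; it is not code from the new-api project, and the function names (renderUnsafe, escapeHtml, renderEscaped, renderSandboxed, hasRawScriptTag) and the MODEL_OUTPUT sample are assumptions constructed for illustration. It produces markup strings so it runs in plain Node without React or a DOM.

```javascript
// Added example for CVE-2026-25802, not new-api's own code.
// Constructed sample of what a model might return when asked for a redirect
// script; the URL is a placeholder, not a real site.
const MODEL_OUTPUT =
  '<p>Here you go:</p><script>location.href="https://example.invalid/"</script>';

// Vulnerable pattern: this is what dangerouslySetInnerHTML amounts to. The
// model's HTML is spliced into the page untouched, so any <script> it
// contains is live markup executed in the viewer's origin.
function renderUnsafe(modelHtml) {
  return `<div class="markdown-body">${modelHtml}</div>`;
}

// Mitigation 1: escape HTML entities, so the output is displayed as text.
// Covers the five characters that can break out of text or attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderEscaped(modelHtml) {
  return `<div class="markdown-body">${escapeHtml(modelHtml)}</div>`;
}

// Mitigation 2: render the preview in a sandboxed iframe. An empty sandbox
// attribute applies every restriction (no scripts, no same-origin access,
// no forms, no top-level navigation), so a <script> inside the frame is
// parsed but never executed and cannot reach the parent page's storage.
// srcdoc is an attribute, so its value is attribute-escaped here; the
// browser un-escapes it before parsing the framed document.
function renderSandboxed(modelHtml) {
  return `<iframe sandbox="" srcdoc="${escapeHtml(modelHtml)}"></iframe>`;
}

// Helper used to contrast the three paths: does the emitted page markup
// contain a script tag in the parent document's own context?
function hasRawScriptTag(markup) {
  return /<script\b/i.test(markup);
}

// Stand-alone demonstration.
for (const render of [renderUnsafe, renderEscaped, renderSandboxed]) {
  console.log(render.name, 'raw script tag in page:', hasRawScriptTag(render(MODEL_OUTPUT)));
}

module.exports = { MODEL_OUTPUT, renderUnsafe, escapeHtml, renderEscaped, renderSandboxed, hasRawScriptTag };
```

Escaping keeps the output safe but also throws away the rendered Markdown formatting, so it suits places where plain text is acceptable. The sandboxed iframe keeps the formatting and is a containment measure: the script still exists in the framed document, it just cannot run or read the parent origin. Because the advisory recommends both sanitising and sandboxing, a practical layout is an allow-list HTML sanitiser (for example DOMPurify) applied to the model output before it goes into the sandboxed frame, with the upgrade to 0.10.8-alpha.9 as the actual fix.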

