CVE-2026-42339
Server-Side Request Forgery in New API AI Gateway
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the New API, a large language model gateway and AI asset management system. In versions 0.11.9-alpha.1 and earlier, the SSRF (Server-Side Request Forgery) protection does not block the unspecified address 0.0.0.0. This means that any regular user with a valid API token can send requests to certain endpoints using 0.0.0.0 as the image or file URL host, bypassing the private IP filter.
As a result, the server issues HTTP requests to localhost, which can lead to a blind SSRF attack. When the request is routed through an AWS/Bedrock Claude adaptor, the fetched content is included in the model response, escalating the issue to a full-read SSRF.
At the time of publication, no public patches are available to fix this vulnerability.
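The filter gap described above, shown as an added Go example that is not New API's own code: a host check that rejects only private and loopback ranges (the shape of the bypassed filter) beside a hardened check that also rejects the unspecified address, link-local and multicast ranges, with a DNS stand-in injected so it runs offline. The function names, the injected resolver and the sample URL are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// naiveBlocked: a filter rejecting only RFC 1918 and loopback (hypothetical, not New API's code); 0.0.0.0 is neither.
func naiveBlocked(ip net.IP) bool {
	return ip.IsPrivate() || ip.IsLoopback()
}

// hardenedBlocked also rejects unspecified (0.0.0.0, ::), link-local (incl. 169.254/16) and multicast.
func hardenedBlocked(ip net.IP) bool {
	return ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

// CheckFetchURL gates a user-supplied image/file URL. resolve stands in for DNS so the
// check runs offline; every address the host maps to must pass the blocked predicate.
func CheckFetchURL(raw string, blocked func(net.IP) bool,
	resolve func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	host := u.Hostname()
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not an IP literal: ask the injected resolver
		if ips, err = resolve(host); err != nil {
			return err
		}
	}
	if len(ips) == 0 {
		return fmt.Errorf("host %q does not resolve", host)
	}
	for _, ip := range ips {
		if blocked(ip) {
			return fmt.Errorf("%s maps to blocked address %s", host, ip)
		}
	}
	return nil
}

func main() {
	raw := "http://0.0.0.0:3000/" // constructed sample; IP literals never hit the resolver
	fmt.Println("naive allows:", CheckFetchURL(raw, naiveBlocked, nil) == nil,
		"hardened allows:", CheckFetchURL(raw, hardenedBlocked, nil) == nil)
}
```

A production deployment should also pin the resolved address for the actual connection, since a name that passes the check can resolve differently when the fetch is made.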
How can this vulnerability impact me?
This vulnerability allows an attacker with a valid API token to bypass private IP filters and make the server send HTTP requests to localhost. This can lead to unauthorized access to internal services or data that are not normally exposed externally.
In cases where the request is routed through an AWS/Bedrock Claude adaptor, the attacker can retrieve and inline sensitive content into the model's response, potentially exposing confidential information.
Overall, this can result in data leakage, unauthorized internal network access, and compromise of system integrity.