CVE-2026-25802 is a Cross-Site Scripting (XSS) vulnerability identified in the QuantumNous new-api, an AI asset management and large language model (LLM) gateway system. The vulnerability resides in the MarkdownRenderer.jsx component, which improperly neutralizes input during web page generation. Specifically, when the model outputs items containing <script> tags, the component fails to sanitize or escape these inputs, allowing malicious scripts to be injected and executed in the context of the user's browser. This flaw affects all versions prior to 0.10.8-alpha.9, where the issue has been addressed. The vulnerability has a CVSS 3.1 base score of 7.6, indicating high severity, with an attack vector of network, low attack complexity, requiring privileges and user interaction, and causing a scope change. The impact primarily compromises integrity by allowing script injection that can alter application behavior or steal sensitive data, with limited availability impact. No known exploits have been reported in the wild yet, but the vulnerability poses a significant risk given the widespread use of AI gateways and asset management platforms in enterprise environments. The vulnerability is classified under CWE-79, highlighting improper input neutralization during web page generation as the root cause.

The vulnerability enables attackers to inject malicious scripts into web pages rendered by the QuantumNous new-api, potentially leading to unauthorized actions such as session hijacking, credential theft, or manipulation of AI asset management data. This can undermine the integrity of the system and trust in AI outputs, possibly causing operational disruptions or data breaches. Organizations relying on this platform for managing AI models and assets may face targeted attacks that compromise sensitive AI workflows or intellectual property. The requirement for user interaction and privileges limits exploitation somewhat but does not eliminate risk, especially in environments with many users or automated interactions. The scope change indicates that the vulnerability can affect components beyond the initial vulnerable module, increasing potential damage. The limited availability impact suggests denial-of-service is less likely but still possible through script-based attacks. Overall, the threat could disrupt AI service reliability and confidentiality, impacting sectors heavily invested in AI technologies.

Organizations should immediately upgrade QuantumNous new-api to version 0.10.8-alpha.9 or later to remediate the vulnerability. Beyond patching, implement strict input validation and output encoding in all components that render user or model-generated content, especially those handling markdown or HTML. Employ Content Security Policy (CSP) headers to restrict script execution sources and reduce the impact of any injected scripts. Conduct thorough code reviews focusing on sanitization of dynamic content in UI components. Monitor logs and user activity for unusual script execution or injection attempts. Educate users about the risks of interacting with untrusted content within the platform. If upgrading is delayed, consider disabling or restricting features that render markdown content from untrusted sources. Finally, integrate automated security testing tools that detect XSS vulnerabilities during development and deployment cycles to prevent regressions.