CVE-2026-30886: CWE-639: Authorization Bypass Through User-Controlled Key in QuantumNous new-api
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (`GET /v1/videos/:task_id/content`) allows any authenticated user to access video content belonging to other users and causes the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The missing authorization check is a single function call — `model.GetByOnlyTaskId(taskID)` queries by `task_id` alone with no `user_id` filter, while every other task-lookup in the codebase enforces ownership via `model.GetByTaskId(userId, taskID)`. Version 0.11.4-alpha.2 contains a patch.
AI Analysis
Technical Summary
QuantumNous new-api, an LLM gateway and AI asset management system, contained an authorization bypass vulnerability identified as CVE-2026-30886. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and manifests as an Insecure Direct Object Reference (IDOR) in the video proxy endpoint (`GET /v1/videos/:task_id/content`). Specifically, the API function `model.GetByOnlyTaskId(taskID)` retrieves video content based solely on the task_id parameter without validating that the requesting user owns the task. This contrasts with other task lookups in the codebase that require both userId and taskID, ensuring ownership verification. As a result, any authenticated user can access video content belonging to other users. Additionally, this flaw causes the server to authenticate to upstream AI providers such as Google Gemini and OpenAI using credentials derived from unauthorized tasks, potentially exposing sensitive credentials or enabling unauthorized API usage. The vulnerability affects all versions prior to 0.11.4-alpha.2, where a patch was introduced to enforce proper ownership checks by including userId in the query. The CVSS v3.1 score is 6.5 (medium severity), with an attack vector of network, low attack complexity, requiring privileges (authenticated user), no user interaction, and impacting confidentiality but not integrity or availability. No known exploits are reported in the wild as of the publication date.
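The ownership check described above, as an added illustration that is not new-api's own code: a constructed in-memory task table, the task_id-only lookup shape the advisory names as vulnerable beside the user-scoped lookup, and a handler that models the patched endpoint by resolving the task through the scoped query before any upstream credential is selected. Field names, `ChannelID`, and the sample tasks are assumptions for the example.

```go
package main

import "errors"

// Constructed illustration of the advisory's point, not new-api's own code:
// a task row carries its owner and the upstream channel (credential) used to proxy it.
type Task struct {
	TaskID    string
	UserID    int
	ChannelID int
}
var ErrNotFound = errors.New("task not found")

// SampleTasks stands in for the tasks table: two constructed tasks, two owners.
var SampleTasks = []Task{
	{TaskID: "task_alice_01", UserID: 1, ChannelID: 10},
	{TaskID: "task_bob_01", UserID: 2, ChannelID: 20},
}

// GetByOnlyTaskId reproduces the vulnerable shape: filtered by task_id alone,
// so any authenticated caller who supplies another user's task_id gets the row.
func GetByOnlyTaskId(tasks []Task, taskID string) (*Task, error) {
	for i := range tasks {
		if tasks[i].TaskID == taskID {
			return &tasks[i], nil
		}
	}
	return nil, ErrNotFound
}

// GetByTaskId is the ownership-scoped lookup: task_id AND user_id must match.
// "Absent" and "not yours" both yield ErrNotFound, so no existence oracle either.
func GetByTaskId(tasks []Task, userID int, taskID string) (*Task, error) {
	for i := range tasks {
		if tasks[i].TaskID == taskID && tasks[i].UserID == userID {
			return &tasks[i], nil
		}
	}
	return nil, ErrNotFound
}

// VideoChannelForCaller models the patched endpoint: resolve the task through
// the user-scoped query before selecting any upstream credential.
func VideoChannelForCaller(tasks []Task, callerUserID int, taskID string) (int, error) {
	t, err := GetByTaskId(tasks, callerUserID, taskID)
	if err != nil {
		return 0, err // surfaces as 404 to the client; no upstream call is made
	}
	return t.ChannelID, nil
}
```

The same "not found" result for a missing task and a task owned by someone else is deliberate: it keeps the endpoint from confirming which task IDs exist.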
Potential Impact
This vulnerability allows authenticated users to access video content and AI task credentials that belong to other users, leading to unauthorized disclosure of potentially sensitive or proprietary information. For organizations, this can result in data leakage, violation of privacy policies, and exposure of AI provider credentials that might be used to perform unauthorized operations or incur unexpected costs. The misuse of upstream AI credentials could also lead to reputational damage or further compromise if attackers leverage these credentials for malicious activities. Since the flaw does not affect data integrity or availability, the primary impact is confidentiality loss. However, the scope of affected systems is significant for any organization deploying QuantumNous new-api versions prior to 0.11.4-alpha.2, especially those handling sensitive AI workloads or proprietary video content. The requirement for authentication limits exploitation to insiders or compromised accounts, but exploitation is low-complexity once a user is authenticated.
Mitigation Recommendations
Organizations should immediately upgrade QuantumNous new-api to version 0.11.4-alpha.2 or later, where the authorization bypass has been patched by enforcing user ownership checks in task queries. Until upgrade is possible, implement strict access controls and monitoring on the video proxy endpoint to detect anomalous access patterns, such as users requesting video content for tasks they do not own. Conduct audits of user permissions and ensure least privilege principles are enforced to reduce the risk of insider exploitation. Additionally, review and rotate any AI provider credentials that may have been exposed or misused due to this vulnerability. Implement logging and alerting on API calls to upstream AI providers to detect unauthorized usage. Finally, perform a security review of all API endpoints to ensure consistent authorization checks are applied, preventing similar IDOR issues.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Japan, South Korea, Australia, India, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-06T00:04:56.700Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c1986ff4197a8e3b86e7bb
Added to database: 3/23/2026, 7:45:51 PM
Last enriched: 3/30/2026, 8:17:50 PM
Last updated: 5/8/2026, 6:17:40 PM