CVE-2026-30886 Overview
CVE-2026-30886 is an Insecure Direct Object Reference (IDOR) vulnerability affecting New API, a large language model (LLM) gateway and artificial intelligence (AI) asset management system. The vulnerability exists in the video proxy endpoint (GET /v1/videos/:task_id/content) and allows any authenticated user to access video content belonging to other users. Additionally, the flaw causes the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks the attacker does not own.
Critical Impact
Authenticated attackers can access other users' video content and leverage victim credentials to authenticate with upstream AI providers, potentially exposing sensitive AI-generated content and API credentials.
Affected Products
- New API versions prior to 0.11.4-alpha.2
- New API version 0.11.4-alpha1
- All deployments using the vulnerable video proxy endpoint
Discovery Timeline
- 2026-03-23 - CVE-2026-30886 published to NVD
- 2026-03-25 - Last updated in NVD database
Technical Details for CVE-2026-30886
Vulnerability Analysis
This vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key), commonly known as an Insecure Direct Object Reference (IDOR). The flaw allows authenticated users to bypass authorization controls and access resources belonging to other users by directly manipulating the task_id parameter in API requests.
The vulnerability is particularly significant in the context of an LLM gateway system, as it exposes not only user-generated content but also enables attackers to leverage victim credentials when the server proxies requests to upstream AI providers like Google Gemini and OpenAI. This could result in unauthorized access to AI-generated video content, potential billing fraud against victim accounts, and exposure of sensitive prompts or responses stored in the system.
Root Cause
The root cause is a missing authorization check in the video proxy endpoint. The vulnerable function model.GetByOnlyTaskId(taskID) queries the database using only the task_id parameter without filtering by user_id. This is inconsistent with the rest of the codebase, where task lookups enforce ownership via model.GetByTaskId(userId, taskID). This single oversight creates a horizontal privilege escalation vulnerability where any authenticated user can access any task by simply knowing or guessing valid task IDs.
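The lookup difference behind the root cause, as an added illustration that is not New API's own code: an in-memory task store with the two lookups named above, and a stand-in for the video content handler showing what each returns to a non-owner. Task, TaskStore, VideoContent and the sample task data are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
)

// Task holds the owner and the upstream channel (provider credential) used for it.
// Constructed example data, not New API's real schema.
type Task struct {
	UserID    int
	ChannelID int
}
// TaskStore stands in for the task table; the method names follow the advisory.
type TaskStore map[string]Task
// GetByOnlyTaskId is the vulnerable lookup: it filters by task_id alone.
func (s TaskStore) GetByOnlyTaskId(taskID string) (Task, bool) {
	t, ok := s[taskID]
	return t, ok
}
// GetByTaskId is the patched lookup: ownership is part of the query, so another
// user's task is indistinguishable from a missing one.
func (s TaskStore) GetByTaskId(userID int, taskID string) (Task, bool) {
	t, ok := s[taskID]
	if !ok || t.UserID != userID {
		return Task{}, false
	}
	return t, true
}

// VideoContent simulates GET /v1/videos/:task_id/content and returns the HTTP
// status plus the channel whose credential would be used upstream (0 = no call).
func VideoContent(s TaskStore, userID int, taskID string, patched bool) (int, int) {
	lookup := s.GetByOnlyTaskId // vulnerable: task_id only
	if patched {
		lookup = func(id string) (Task, bool) { return s.GetByTaskId(userID, id) }
	}
	task, exists := lookup(taskID)
	if !exists {
		return http.StatusNotFound, 0 // same answer for "not yours" and "not found"
	}
	return http.StatusOK, task.ChannelID
}

func main() {
	store := TaskStore{"task-0001": {UserID: 1, ChannelID: 42}}
	fmt.Println(VideoContent(store, 2, "task-0001", false)) // 200 42: user 2 gets user 1's channel
	fmt.Println(VideoContent(store, 2, "task-0001", true))  // 404 0: ownership enforced
}
```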
Attack Vector
The attack is network-based and requires only low-privilege authenticated access. An attacker can exploit this vulnerability by:
- Authenticating to the New API system with valid credentials
- Sending GET requests to /v1/videos/:task_id/content with arbitrary task_id values
- Enumerating or guessing valid task IDs belonging to other users
- Accessing video content and triggering upstream API calls using victim credentials
The patch addresses this by adding proper ownership verification:
}
- task, exists, err := model.GetByOnlyTaskId(taskID)
+ userID := c.GetInt("id")
+ task, exists, err := model.GetByTaskId(userID, taskID)
if err != nil {
logger.LogError(c.Request.Context(), fmt.Sprintf("Failed to query task %s: %s", taskID, err.Error()))
videoProxyError(c, http.StatusInternalServerError, "server_error", "Failed to query task")
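Review bot: `userID := c.GetInt("id")` yields 0 when the context carries no "id" value (if this is gin's Context.GetInt, absence is not signalled), so if this handler is ever reachable without the middleware that sets it, the query runs with owner 0 instead of failing closed; consider rejecting userID == 0 before the model.GetByTaskId call. Also worth confirming that the `!exists` branch just below this hunk returns the same 404 for another user's task as for a missing one, so the fix does not turn the IDOR into a task-existence oracle.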
Source: GitHub Commit Changes
Detection Methods for CVE-2026-30886
Indicators of Compromise
- Anomalous access patterns to /v1/videos/:task_id/content endpoint from single user sessions accessing multiple distinct task IDs
- Increased 200 OK responses on video proxy endpoint combined with rapid sequential requests
- Log entries showing task access where the requesting user ID does not match the task owner
- Unusual upstream API usage patterns to Google Gemini or OpenAI from specific task contexts
Detection Strategies
- Implement API request logging that correlates task_id access with authenticated user identity
- Monitor for sequential enumeration patterns in task_id parameters (e.g., incrementing numeric IDs)
- Configure alerting for users accessing tasks outside their normal usage patterns
- Review application logs for GetByOnlyTaskId function calls if running vulnerable versions
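The first two detection strategies above, correlating task_id access with the requesting user and spotting enumeration, worked over constructed log lines. This is an added example, not part of the advisory or of New API; the log format, the videoLine pattern and the owner table are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// videoLine matches the constructed log format below (real New API logs differ; adapt it).
var videoLine = regexp.MustCompile(`user=(\d+) GET /v1/videos/([^/\s]+)/content (\d{3})`)
// SampleLog is constructed: user 7 walks sequential task IDs and is served two it does not own.
const SampleLog = `2026-03-24T10:00:01Z user=1 GET /v1/videos/task-0001/content 200
2026-03-24T10:00:05Z user=7 GET /v1/videos/task-0001/content 200
2026-03-24T10:00:06Z user=7 GET /v1/videos/task-0002/content 404
2026-03-24T10:00:07Z user=7 GET /v1/videos/task-0003/content 200`
var SampleOwners = map[string]int{"task-0001": 1, "task-0003": 3} // task_id -> owner (constructed)

// AnalyzeVideoAccess correlates task_id access with the authenticated user: a 200 on a task
// owned by someone else is evidence of exploitation; more than maxDistinct task IDs suggests enumeration.
func AnalyzeVideoAccess(logs string, owners map[string]int, maxDistinct int) []string {
	var findings []string
	distinct := map[int]map[string]bool{}
	for _, line := range strings.Split(logs, "\n") {
		m := videoLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		user, _ := strconv.Atoi(m[1])
		task, status := m[2], m[3]
		if distinct[user] == nil {
			distinct[user] = map[string]bool{}
		}
		distinct[user][task] = true
		if owner, known := owners[task]; known && status == "200" && owner != user {
			findings = append(findings, fmt.Sprintf("user %d: served %s owned by user %d", user, task, owner))
		}
	}
	for user, tasks := range distinct {
		if len(tasks) > maxDistinct {
			findings = append(findings, fmt.Sprintf("user %d: %d distinct task IDs", user, len(tasks)))
		}
	}
	return findings
}
func main() {
	for _, f := range AnalyzeVideoAccess(SampleLog, SampleOwners, 2) {
		fmt.Println(f)
	}
}
```

The owner table is what a deployment would join from the task table, so the mismatch rule works on historical logs even if the application did not log the owner at request time.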
Monitoring Recommendations
- Enable detailed access logging on the /v1/videos/ endpoint path
- Implement rate limiting and anomaly detection on video content retrieval endpoints
- Monitor upstream AI provider API usage for unexpected credential usage or billing anomalies
- Set up alerts for high-frequency 404/403 responses indicating potential enumeration attempts
How to Mitigate CVE-2026-30886
Immediate Actions Required
- Upgrade New API to version 0.11.4-alpha.2 or later immediately
- Review access logs for potential exploitation of the vulnerable endpoint
- Audit all task-related database queries for consistent ownership enforcement
- Consider rotating API credentials for upstream AI providers if exploitation is suspected
Patch Information
The vulnerability is fixed in New API version 0.11.4-alpha.2. The patch modifies the controller/video_proxy.go file to include user ID verification when retrieving tasks. The fix replaces the call to model.GetByOnlyTaskId(taskID) with model.GetByTaskId(userID, taskID), ensuring that users can only access tasks they own.
For detailed patch information, refer to:
Workarounds
- Restrict access to the /v1/videos/:task_id/content endpoint at the reverse proxy or WAF level until patching is complete
- Implement additional authentication middleware that validates task ownership before the request reaches the vulnerable handler
- Temporarily disable the video proxy feature if not critical to operations
- Deploy network segmentation to limit which users can reach the affected endpoint
# Example nginx configuration to restrict video endpoint access
location /v1/videos/ {
    # Temporarily restrict access while awaiting patch
    allow 10.0.0.0/8;   # Internal network only
    deny all;
    # Or require HTTP basic authentication instead of the IP allow-list above
    # auth_basic "Restricted Access";
    # auth_basic_user_file /etc/nginx/.htpasswd;
    # Keep your existing proxy_pass to the New API backend in this block so permitted requests are still forwarded
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

