CVE-2026-30886: Insecure Direct Object Reference in QuantumNous New API Video Proxy

CVE-2026-30886 represents a critical Insecure Direct Object Reference (IDOR) vulnerability within the QuantumNous new-api platform. The new-api application serves as a large language model gateway and artificial intelligence asset management system. The vulnerability specifically affects the video proxy endpoint, located at the /v1/videos/:task_id/content route, in versions prior to 0.11.4-alpha.2.

The flaw is classified as CWE-639, Authorization Bypass Through User-Controlled Key. The application endpoint accepts a user-provided task identifier but fails to validate the authorization context of the requester against the task owner. Consequently, the application processes the request strictly based on the presence of the task identifier.

Successful exploitation yields two distinct forms of impact. Attackers gain unauthorized read access to private video content associated with the targeted tasks. Furthermore, the application authenticates to upstream AI providers, such as Google Gemini or OpenAI, utilizing the credentials and quota associated with the task owner rather than the requester.

The root cause resides in the data access layer implemented within the VideoProxy controller. The controller processes incoming HTTP requests and interfaces with the database to retrieve task details required for upstream proxying. The implementation relies on the retrieved task data to configure the subsequent API calls to external AI providers.

The vulnerable code path invokes a specific lookup function named model.GetByOnlyTaskId(taskID). This function executes an SQL query configured to filter records based solely on the task_id parameter provided in the HTTP request routing. The resulting database query operates without any contextual awareness of the authenticated user session.

Standard multi-tenant architectures require strict data isolation enforced via ownership validation. The new-api codebase correctly implements this pattern in other task-lookup functions by appending the user_id to the query constraints. The omission of the AND user_id = ? clause in the GetByOnlyTaskId function breaks this isolation model, allowing cross-tenant data retrieval.

The application proceeds to process the retrieved task object without performing secondary authorization checks. The task object contains references to the victim's upstream AI provider configuration, including API keys and project identifiers. The gateway uses these extracted credentials to fulfill the proxy request, completing the exploitation chain.

The source of the vulnerability is evident when examining the controller/video_proxy.go file from version 0.11.3 and earlier. The original implementation extracts the taskID from the request path but makes no attempt to retrieve the user context from the active session. The code directly passes the untrusted input to the data access layer.

// Vulnerable Implementation
task, exists, err := model.GetByOnlyTaskId(taskID)
if err != nil {
    // Error handling
}

This implementation trusts the client-provided taskID implicitly. If the task exists in the database, the exists boolean returns true, and the application proceeds with the video proxying logic using the retrieved task object.

The patch introduced in commit 50ec2bac6b341e651fc9ac4344e3bd2cdaeafdbd rectifies this oversight by enforcing identity association.

File: controller/video_proxy.go
@@ -35,7 +35,8 @@ func VideoProxy(c *gin.Context) {
 		return
 	}
 
-	task, exists, err := model.GetByOnlyTaskId(taskID)
+	userID := c.GetInt("id")
+	task, exists, err := model.GetByTaskId(userID, taskID)
 	if err != nil {
 		logger.LogError(c.Request.Context(), fmt.Sprintf("Failed to query task %s: %s", taskID, err.Error()))

The patched implementation first extracts the authenticated user's ID from the Gin context using c.GetInt("id"). It then calls the secure model.GetByTaskId(userID, taskID) function. This function constructs a query that requires both the task_id and user_id to match the database record, neutralizing the IDOR vector.

Exploitation of CVE-2026-30886 requires the attacker to hold a valid, low-privileged account on the target new-api instance. The attack does not require elevated administrative privileges or specific user interaction. The attacker must only possess the ability to send authenticated HTTP GET requests to the vulnerable API endpoint.

The attacker first identifies a target task_id belonging to a victim. If the application utilizes predictable or sequential integer sequences for identifiers, the attacker can execute an automated enumeration attack. The attacker iterates through ID values to map valid tasks across the platform.

With a valid target task_id, the attacker constructs the exploit request utilizing their own session token. The request targets the /v1/videos/[TARGET_TASK_ID]/content URL path. The backend server authenticates the attacker's session, ignores the authorization mismatch on the task, and processes the request.

The application fetches the video content from the upstream provider utilizing the victim's associated provider credentials. The server then streams the requested video content back to the attacker in the HTTP response body. The attack executes transparently from the perspective of the upstream provider.

The vulnerability introduces a severe breach of data confidentiality. Attackers achieve unauthorized read access to private video content processed by other users on the platform. Depending on the deployment context, this content may include proprietary corporate assets, sensitive internal communications, or personally identifiable information.

An additional consequence of this vulnerability is the unauthorized consumption of third-party service quotas. The new-api gateway leverages the upstream AI provider configuration linked to the target user's task. Exploitation forces the victim's account to incur the processing costs associated with the attacker's requests.

The vulnerability is tracked under CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, resulting in a base score of 6.5. The attack complexity is low, as the exploit relies on standard HTTP requests without complex state manipulation. The integrity and availability metrics remain unaffected, as the vulnerability solely permits data retrieval.

Repeated exploitation can lead to secondary availability impacts if the victim's upstream AI provider account reaches its billing or rate limits. In such scenarios, the victim will experience a denial of service for legitimate task processing until the limits reset or the account is funded. The core application availability remains unaffected.

The official remediation for CVE-2026-30886 requires upgrading the QuantumNous new-api deployment to version 0.11.4-alpha.2 or later. This release incorporates the authorization checks necessary to validate task ownership prior to processing proxy requests. Administrators should prioritize deployment in environments exposing the API to untrusted users.

In deployment scenarios where immediate binary upgrades are prohibited, administrators can apply the fix manually. This involves backporting the changes from commit 50ec2bac6b341e651fc9ac4344e3bd2cdaeafdbd into the local source repository. The application must be recompiled and deployed following the modification of controller/video_proxy.go.

Security engineers should conduct a comprehensive code audit to identify other potential instances of the deprecated model.GetByOnlyTaskId function. All data access layer functions handling user-specific assets must require the user_id context parameter. Ensuring consistent usage of context-aware query structures prevents similar vulnerabilities across the codebase.

To mitigate the risk of targeted enumeration, developers should transition from predictable sequential integers to high-entropy identifiers, such as UUIDv4, for all API-facing object references. While unpredictable identifiers do not resolve the underlying authorization flaw, they significantly increase the difficulty of blind enumeration attacks.