{"data":{"id":"058a928e-f9ee-4d80-9abc-e0c9c4db66e0","title":"CVE-2026-42339: New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.1","summary":"New API, an LLM gateway and AI asset management system, has a vulnerability in versions 0.11.9-alpha.1 and earlier where its SSRF protection (safeguards against server-side request forgery, where an attacker tricks a server into making unintended web requests) fails to block the address 0.0.0.0. Any user with a valid API token can exploit this by sending requests with 0.0.0.0 as the image URL, causing the server to make requests to localhost (its own system) and potentially leak sensitive data when using certain AWS configurations.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42339","publishedAt":"2026-05-08T23:16:36.917Z","cveId":"CVE-2026-42339","cweIds":["CWE-918"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["New API","AWS","Bedrock","Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00038,"patchAvailable":null,"disclosureDate":"2026-05-08T23:16:36.917Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}