CVE-2026-30886

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (`GET /v1/videos/:task_id/content`) allows any authenticated user to access video content belonging to other users and causes the server to authenticate to upstream AI providers (Google Gemini, OpenAI) using credentials derived from tasks they do not own. The missing authorization check is a single function call — `model.GetByOnlyTaskId(taskID)` queries by `task_id` alone with no `user_id` filter, while every other task-lookup in the codebase enforces ownership via `model.GetByTaskId(userId, taskID)`. Version 0.11.4-alpha.2 contains a patch.

An adversary registers a legitimate account on a shared New API instance (e.g., a corporate LLM gateway or a cloud-hosted multi-tenant deployment). They submit a valid request to generate a video task to obtain a sample `task_id` format. They then enumerate sequential or UUID-range task IDs against `GET /v1/videos/:task_id/content` using their valid session token. For each valid task ID belonging to another user, the server resolves the task without ownership checks, returns the video content, and — critically — authenticates to Google Gemini or OpenAI using the credential associated with the task owner. The adversary can now: (a) exfiltrate other users' AI-generated content, (b) repeatedly trigger expensive AI inference calls charged to victims' API keys, burning their quotas or incurring financial harm, and (c) potentially infer proprietary prompt structures from the content of other users' AI outputs.