CVE-2026-9306 | QuantumNous new-api up to 0.12.1 Midjourney Image Relay Endpoint router/relay-router.go RelayMidjourneyImage/GetByOnlyMJId authorization

A vulnerability was found in QuantumNous new-api up to 0.12.1. It has been declared as problematic. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass.

This vulnerability is uniquely identified as CVE-2026-9306. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9306 | QuantumNous new-api up to 0.12.1 Midjourney Image Relay Endpoint router/relay-router.go RelayMidjourneyImage/GetByOnlyMJId authorization

Post correlati

CVE-2025-1157 | Allims lab.online up to 20250201 model_recuperar_senha.php recuperacao sql injection

CVE-2025-9757 | Campcodes Courier Management System 1.0 /ajax.php login email sql injection

CVE-2024-43433 | Moodle Matrix Privilege Escalation

CVE-2024-9032 | SourceCodester Simple Forum-Discussion System 1.0 /index.php page path traversal