CVE-2026-41432
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.1 / 10
Vulnerability Description
New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
go
Product
github.com/QuantumNous/new-api
External References
- https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4
- https://docs.stripe.com/checkout/fulfillment#async-payment-methods
- https://docs.stripe.com/webhooks#verify-official-libraries
- https://github.com/QuantumNous/new-api/releases/tag/v0.12.10
- https://github.com/advisories/GHSA-xff3-5c9p-2mr4
Discussion (0)
Add Comment
No comments yet. Be the first!