Logic Flaw in AI Asset Management System by QuantumNous
CVE-2026-32879
What is CVE-2026-32879?
A security issue has been identified in New API by QuantumNous, affecting versions 0.10.0 and later. The vulnerability arises from a logic flaw in the universal secure verification flow, which permits an authenticated user with a registered passkey to bypass the WebAuthn assertion step. This gap allows unauthorized access to secure verification processes, undermining the intended protection measures. Users are advised not to rely solely on passkeys for privileged secure-verification actions. Instead, the recommendation is to implement TOTP or 2FA where operationally feasible and to temporarily restrict access to affected secure-verification-protected endpoints until a patch is released.
Affected Version(s)
new-api >= 0.10.0, <= 0.11.9-alpha.1
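
To triage deployments against the range above, the following added example (not code from the advisory or from the new-api project) checks version strings against it using SemVer 2.0.0 precedence, where a pre-release such as 0.11.9-alpha.1 sorts below the 0.11.9 release. It assumes new-api version strings follow SemVer, optionally with a leading "v"; the function names and the sample inventory are constructed for illustration.

```python
import re

# Range copied from the advisory: new-api >= 0.10.0, <= 0.11.9-alpha.1
AFFECTED_MIN = "0.10.0"
AFFECTED_MAX = "0.11.9-alpha.1"

# Assumption: version strings follow SemVer 2.0.0, optionally prefixed with "v".
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def sort_key(version):
    """Map a version string to a tuple that sorts in SemVer precedence order."""
    m = _SEMVER.match(version.strip())
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4) is None:
        # A release sorts above every pre-release with the same core version.
        return core, (1,)
    # Numeric identifiers compare as integers and sort below alphanumeric ones;
    # when all shared identifiers are equal, the shorter list sorts first.
    ids = tuple(
        (0, int(p), "") if p.isdigit() else (1, 0, p)
        for p in m.group(4).split(".")
    )
    return core, (0, ids)


def is_affected(version):
    """True if version lies inside the advisory's stated range (inclusive)."""
    return sort_key(AFFECTED_MIN) <= sort_key(version) <= sort_key(AFFECTED_MAX)


def audit(inventory):
    """Return {host: bool} for a mapping of host name -> deployed version."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    sample = {
        "gw-a": "v0.9.8",
        "gw-b": "0.10.0",
        "gw-c": "0.11.9-alpha.1",
        "gw-d": "0.11.9-alpha.2",
        "gw-e": "0.11.9",
    }
    for host, hit in audit(sample).items():
        print(f"{host}: {'in affected range' if hit else 'outside stated range'}")
```

A result of "outside stated range" only means the version is not listed here; the advisory does not name a fixed release.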
