AIbase report, April 16, 2026: QuantumNous/new-api (hereafter NewAPI), an aggregation and management system for large-model API interfaces that is widely used in open-source communities and among self-hosted site administrators, has been confirmed to have a high-risk payment logic vulnerability. When the Stripe webhook signing secret is left unconfigured, an attacker can bypass the real payment flow by forging Webhook events and top up an arbitrary amount at zero cost.
The attack logic and the mitigations have been discussed widely on developer forums and public technical communities such as X (formerly Twitter). Because the system is often used for commercial operation or token billing, the discoverer has so far withheld the complete proof-of-concept (PoC) exploit code to avoid malicious exploitation and financial loss.


Analysis of the Vulnerability Principle
NewAPI is a management system that proxies, bills, and handles recharges for large-model APIs such as OpenAI and Claude. The exposed vulnerability sits in the payment-success callback (the asynchronous Webhook handler): it does not reject an empty Stripe webhook secret before using it to verify the callback signature.
According to the attack analysis circulating in the technical community, when the server-side Stripe webhook_secret is not configured (i.e., it is an empty string), the trust chain collapses:
Signature mechanism failure: HMAC-SHA256 accepts an empty key without raising an error. The key is the only secret in the scheme, so with an empty key any attacker can compute, for a payload of their choosing, a signature that matches the server's own computation exactly.
Constructing a malicious event: the attacker only needs to learn or guess the order-number format to forge a checkout.session.completed (payment completed) event and place a very large amount_total (top-up amount) in the body.
Funds credited without payment: the attacker sends the forged request to the server's Webhook endpoint; the server verifies the signature with the empty key, the check passes, and the system treats the event as a genuinely paid order and credits the attacker's account.
The net result: Stripe receives $0 and the Stripe dashboard shows no transaction at all, while the server logs show a normal-looking Webhook callback and the attacker's account balance has gone up.
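To make the signature failure concrete, the following is an added Python example (not NewAPI's code; the header layout follows Stripe's documented t=...,v1=... scheme, and the event body, order reference, timestamp and secret values are constructed). It forges a signature with an empty secret, shows a verifier that silently accepts it, and shows a hardened verifier that refuses to run without a secret and additionally rejects stale timestamps:

```python
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

# Stripe-style webhook signature (illustrative reimplementation, not NewAPI's
# code): the Stripe-Signature header carries a timestamp t and a hex signature
# v1 = HMAC-SHA256(secret, f"{t}.{raw_body}").


def stripe_sign(secret: str, payload: bytes, timestamp: int) -> str:
    """Build a Stripe-Signature header for payload under the given secret."""
    mac = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload,
                   hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"


def parse_signature_header(header: str) -> Tuple[int, List[str]]:
    """Split 't=...,v1=...' into the timestamp and the list of v1 signatures."""
    timestamp: Optional[int] = None
    sigs: List[str] = []
    for item in header.split(","):
        key, _, value = item.partition("=")
        if key == "t":
            timestamp = int(value)
        elif key == "v1":
            sigs.append(value)
    if timestamp is None or not sigs:
        raise ValueError("malformed Stripe-Signature header")
    return timestamp, sigs


def verify_naive(secret: str, payload: bytes, header: str) -> bool:
    """The weak pattern: an empty secret is used as-is. HMAC with key b""
    is computable by anyone, so a forged header validates."""
    timestamp, sigs = parse_signature_header(header)
    expected = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload,
                        hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, s) for s in sigs)


def verify_hardened(secret: str, payload: bytes, header: str,
                    now: Optional[int] = None, tolerance: int = 300) -> bool:
    """Refuse to verify at all without a secret, and reject timestamps outside
    the tolerance window so a captured valid callback cannot be replayed later."""
    if not secret:
        raise RuntimeError("Stripe webhook secret is not configured; refusing callback")
    timestamp, sigs = parse_signature_header(header)
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > tolerance:
        return False
    expected = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload,
                        hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, s) for s in sigs)


# Constructed forged event: attacker-chosen order reference and inflated amount.
FORGED_EVENT = json.dumps({
    "id": "evt_forged_0001",
    "type": "checkout.session.completed",
    "data": {"object": {
        "id": "cs_forged_0001",
        "client_reference_id": "order-1001",
        "payment_status": "paid",
        "amount_total": 99_999_900,   # in cents
        "currency": "usd",
    }},
}, separators=(",", ":")).encode()

REAL_SECRET = "whsec_example_only"  # placeholder; a real value is issued by Stripe


def demo(timestamp: int = 1_700_000_000) -> dict:
    """Exercise both verifiers against the forged event and return the outcomes."""
    forged_header = stripe_sign("", FORGED_EVENT, timestamp)  # attacker knows no secret
    try:
        verify_hardened("", FORGED_EVENT, forged_header, now=timestamp)
        refused = False
    except RuntimeError:
        refused = True
    genuine_header = stripe_sign(REAL_SECRET, FORGED_EVENT, timestamp)
    return {
        "naive_accepts_forgery": verify_naive("", FORGED_EVENT, forged_header),
        "hardened_refuses_empty_secret": refused,
        "hardened_rejects_forgery": verify_hardened(REAL_SECRET, FORGED_EVENT,
                                                   forged_header, now=timestamp),
        "hardened_accepts_genuine": verify_hardened(REAL_SECRET, FORGED_EVENT,
                                                   genuine_header, now=timestamp),
        "hardened_rejects_stale": verify_hardened(REAL_SECRET, FORGED_EVENT,
                                                 genuine_header, now=timestamp + 301),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened variant is that an unset secret is a deployment error to fail loudly on, not a value to compute with; the timestamp window is a separate, smaller defence against replaying a callback that was once legitimately signed.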
Scope of the Vulnerability Impact
Only instances without a properly configured Stripe webhook secret are affected. Administrators commonly leave it unset in test environments, or when the site relies mainly on other payment channels (such as WeChat Pay or Alipay) and never enabled the Stripe module; such instances are exposed even though they never take Stripe payments.
Official Fix and Recommendations
The project team responded quickly and released v0.12.10 today. The changelog describes the fix as “Improved Stripe payment processing to better handle asynchronous webhook events”, which closes the verification gap in the callback path.
Security experts strongly recommend that all NewAPI operators take the following actions:
Upgrade immediately: update to v0.12.10 or later (pull the latest release or nightly build).
Always configure the secret: even if the site does not plan to accept Stripe payments, set the Stripe secret (the webhook_secret described above) in the admin backend after upgrading. Use a long randomly generated string, or supply it strictly through environment variables, so that the secret can never be empty.
Audit your billing records: review existing user orders and recharge records (especially in test environments), reconcile them against funds actually received, and look for bogus high-value top-ups.
Harden payment verification: in production, review the asynchronous callback logic of every payment channel and ensure two independent checks are made before crediting an order: the signature must validate, and the order must exist and still be awaiting payment.
The vulnerability's principle is now public on the Internet and the bar to exploit it is low, so all affected administrators should act immediately to audit and upgrade their instances to avoid losing digital assets.
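As an added illustration of the second of those two checks (example code, not NewAPI's handler; the order store, field names and event contents are constructed assumptions), the following Python handler accepts an already signature-verified checkout.session.completed event and credits a top-up only from the server's own pending order record. It refuses payloads whose amount or currency disagree with that record, replayed event IDs, already-settled orders, and unknown orders:

```python
from dataclasses import dataclass, field
from typing import Dict, Set


@dataclass
class TopUpOrder:
    """Server-side record created when the user starts a top-up (constructed
    stand-in for the application's order table, not NewAPI's schema)."""
    order_id: str
    user_id: int
    amount_cents: int        # what the server expects to be paid
    currency: str
    status: str = "pending"  # "pending" until a verified callback settles it


@dataclass
class Ledger:
    orders: Dict[str, TopUpOrder] = field(default_factory=dict)
    balances: Dict[int, int] = field(default_factory=dict)
    processed_events: Set[str] = field(default_factory=set)


def credit_from_event(ledger: Ledger, event: dict) -> str:
    """Second check, run only after the signature has already been verified.

    The payload is used to identify an order; every number that decides how
    much to credit comes from the server's own record, so even a correctly
    signed event carrying an inflated amount_total cannot become balance.
    """
    if event.get("type") != "checkout.session.completed":
        return "ignored: not a completion event"
    if event.get("id") in ledger.processed_events:
        return "ignored: duplicate event"           # idempotency / replay guard
    session = event.get("data", {}).get("object", {})
    order = ledger.orders.get(session.get("client_reference_id"))
    if order is None:
        return "rejected: unknown order"
    if order.status != "pending":
        return "rejected: order already settled"
    if session.get("payment_status") != "paid":
        return "rejected: session not paid"
    if (session.get("amount_total") != order.amount_cents
            or session.get("currency") != order.currency):
        return "rejected: amount or currency disagrees with server record"
    order.status = "paid"
    ledger.balances[order.user_id] = ledger.balances.get(order.user_id, 0) + order.amount_cents
    ledger.processed_events.add(event["id"])
    return "credited"


def make_event(event_id: str, order_id: str, amount_total: int, currency: str = "usd") -> dict:
    """Constructed checkout.session.completed event body (sample data, not real)."""
    return {"id": event_id, "type": "checkout.session.completed",
            "data": {"object": {"client_reference_id": order_id,
                                "payment_status": "paid",
                                "amount_total": amount_total,
                                "currency": currency}}}


def demo() -> dict:
    """Run the handler over a constructed order book and return each outcome."""
    ledger = Ledger()
    ledger.orders["order-1001"] = TopUpOrder("order-1001", user_id=7, amount_cents=1000, currency="usd")
    ledger.orders["order-1002"] = TopUpOrder("order-1002", user_id=7, amount_cents=2500, currency="usd")
    results = {
        "inflated_amount": credit_from_event(ledger, make_event("evt_1", "order-1001", 99_999_900)),
        "genuine": credit_from_event(ledger, make_event("evt_2", "order-1001", 1000)),
        "replay": credit_from_event(ledger, make_event("evt_2", "order-1001", 1000)),
        "second_callback_same_order": credit_from_event(ledger, make_event("evt_3", "order-1001", 1000)),
        "unknown_order": credit_from_event(ledger, make_event("evt_4", "order-9999", 2500)),
    }
    results["balance_user_7"] = ledger.balances.get(7, 0)
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the handler never reads amount_total to decide the credit; it only compares it against the stored expectation and refuses on mismatch. That is what makes the signature check and the order-state check independent: defeating one still leaves the other in the way.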

