Product
An SSRF protection bypass vulnerability, CVE-2026-33655, in the QuantumNous new-api, affecting versions prior to v0.12.0-alpha.1, allows authenticated users to send requests to internal HTTP services by configuring notification URLs with unresolved hostnames, leading to potential sensitive internal data exposure through timing, errors, or response-dependent behavior.