A vulnerability was found in QuantumNous new-api up to 0.12.1 . It has been declared as problematic . This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint . Such manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2026-9306 . The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respon