A vulnerability was found in QuantumNous new-api up to 0.12.1 . It has been classified as critical . The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint . This manipulation causes sql injection. This vulnerability is handled as CVE-2026-9305 . The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.