cvebase

Vercel Ai vulnerabilities

4 known vulnerabilities affecting vercel/ai.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2026-8767 | P2 | HIGH | CVSS 7.5 | ≤ 3.0.97 | v3.0.0 +97 more | 2026-05-17
CVE-2026-8767 [HIGH] CWE-77: A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to OS command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered dif
Source: nvd
CVE-2026-8768 | P3 | HIGH | CVSS 7.3 | ≤ 3.0.97 | v3.0.0 +97 more | 2026-05-17
CVE-2026-8768 [HIGH] CWE-918: A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendo
Source: nvd
CVE-2026-8769 | P3 | MEDIUM | CVSS 6.5 | ≤ 3.0.97 | v3.0.0 +97 more | 2026-05-17
CVE-2026-8769 [MEDIUM] CWE-400: A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been pu
Source: nvd
CVE-2025-48985 | P4 | MEDIUM | CVSS 5.3 | fixed in 5.0.52 | v5.1.0 | 2025-11-07
CVE-2025-48985 [MEDIUM] CWE-20: A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk
Source: nvd