4 matches found
CVE-2025-48985
The CVE-2025-48985 vulnerability affects Vercel’s AI SDK, with fixes in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. The issue is an input-validation bypass that could allow bypassing filetype whitelists during file uploads. Connected sources confirm remediation via upgrading the AI SDK. Impact...
CVE-2026-8769
CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...
CVE-2026-8768
CVE-2026-8768 affects vercel ai up to 3.0.97, specifically the provider-utils component and its function validateDownloadUrl in packages/provider-utils/src/download-blob.ts. The vulnerability enables server-side request forgery (SSRF) and can be triggered remotely. The exploit has been made publi...
CVE-2026-8767
CVE-2026-8767 affects vercel ai up to version 3.0.97. The issue lies in the run function of .github/workflows/prettier-on-automerge.yml within the PR Branch Name Interpolation component, enabling an OS command injection. Attacks can be remote, with high attack complexity and exploitability deemed...