Skip to main content

Vercel AI SDK CVE-2026-8769

| EUVDEUVD-2026-30712 LOW
Uncontrolled Resource Consumption (CWE-400)
2026-05-17 cna@vuldb.com GHSA-866g-f22w-33x8
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 17, 2026 - 23:30 vuln.today

DescriptionCVE.org

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Resource exhaustion in Vercel AI SDK's provider-utils package (versions ≤3.0.97) allows authenticated remote attackers to consume excessive system resources via specially crafted requests to JSON response handlers. Public proof-of-concept exists. EPSS data not available. Not listed in CISA KEV. CVSS 4.0 score of 2.1 reflects low availability impact (VA:L) with authenticated network access (PR:L). Vendor non-responsive to initial disclosure.

Technical ContextAI

The vulnerability resides in the provider-utils package of the Vercel AI SDK, specifically in the createJsonResponseHandler and createJsonErrorResponseHandler functions within response-handler.ts. Classified as CWE-400 (Uncontrolled Resource Consumption), this indicates insufficient limits on resource allocation when processing JSON responses. The Vercel AI SDK provides abstractions for working with AI model providers, and the affected response handlers are likely involved in parsing and processing JSON payloads from AI service responses. Without proper input validation or resource constraints, specially crafted JSON structures could trigger excessive memory allocation, CPU consumption, or processing time, leading to denial of service conditions for the application using the SDK.

RemediationAI

No vendor-released patch identified at time of analysis - Vercel did not respond to initial vulnerability disclosure per VulDB submission 811406. Organizations using Vercel AI SDK ≤3.0.97 should implement compensating controls: Apply rate limiting at the application layer to restrict request frequency per authenticated user (limit: 10-50 requests/minute depending on use case; trade-off: may impact legitimate high-volume users). Configure resource quotas for SDK operations using container memory limits or Node.js --max-old-space-size flag (trade-off: may cause crashes under legitimate load spikes rather than graceful degradation). Deploy request timeout enforcement (recommended: 30-60 seconds for AI operations; trade-off: may prematurely terminate valid long-running AI requests). Monitor resource consumption metrics for anomalies using application performance monitoring tools. Check Vercel AI SDK GitHub repository (vercel/ai) for community patches or newer releases beyond 3.0.97 that may address the issue. Public POC available at https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb for testing effectiveness of mitigations.

Share

CVE-2026-8769 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy