Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Resource exhaustion in Vercel AI SDK's provider-utils package (versions ≤3.0.97) allows authenticated remote attackers to consume excessive system resources via specially crafted requests to JSON response handlers. Public proof-of-concept exists. EPSS data not available. Not listed in CISA KEV. CVSS 4.0 score of 2.1 reflects low availability impact (VA:L) with authenticated network access (PR:L). Vendor non-responsive to initial disclosure.
Technical ContextAI
The vulnerability resides in the provider-utils package of the Vercel AI SDK, specifically in the createJsonResponseHandler and createJsonErrorResponseHandler functions within response-handler.ts. Classified as CWE-400 (Uncontrolled Resource Consumption), this indicates insufficient limits on resource allocation when processing JSON responses. The Vercel AI SDK provides abstractions for working with AI model providers, and the affected response handlers are likely involved in parsing and processing JSON payloads from AI service responses. Without proper input validation or resource constraints, specially crafted JSON structures could trigger excessive memory allocation, CPU consumption, or processing time, leading to denial of service conditions for the application using the SDK.
RemediationAI
No vendor-released patch identified at time of analysis - Vercel did not respond to initial vulnerability disclosure per VulDB submission 811406. Organizations using Vercel AI SDK ≤3.0.97 should implement compensating controls: Apply rate limiting at the application layer to restrict request frequency per authenticated user (limit: 10-50 requests/minute depending on use case; trade-off: may impact legitimate high-volume users). Configure resource quotas for SDK operations using container memory limits or Node.js --max-old-space-size flag (trade-off: may cause crashes under legitimate load spikes rather than graceful degradation). Deploy request timeout enforcement (recommended: 30-60 seconds for AI operations; trade-off: may prematurely terminate valid long-running AI requests). Monitor resource consumption metrics for anomalies using application performance monitoring tools. Check Vercel AI SDK GitHub repository (vercel/ai) for community patches or newer releases beyond 3.0.97 that may address the issue. Public POC available at https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb for testing effectiveness of mitigations.
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Rated high severity (CVSS 7.2), this vu
Server-side request forgery in Vercel AI SDK versions up to 3.0.97 allows remote unauthenticated attackers to forge requ
OS command injection in Vercel AI SDK versions up to 3.0.97 allows authenticated remote attackers with pull request crea
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. Rated low severity (
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30712
GHSA-866g-f22w-33x8