Skip to main content

Vercel

23 CVEs infrastructure

Monthly

CVE-2026-8769 npm LOW Monitor

Resource exhaustion in Vercel AI SDK's provider-utils package (versions ≤3.0.97) allows authenticated remote attackers to consume excessive system resources via specially crafted requests to JSON response handlers. Public proof-of-concept exists. EPSS data not available. Not listed in CISA KEV. CVSS 4.0 score of 2.1 reflects low availability impact (VA:L) with authenticated network access (PR:L). Vendor non-responsive to initial disclosure.

Denial Of Service Ai Vercel
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8768 MEDIUM This Month

Server-side request forgery in Vercel AI SDK versions up to 3.0.97 allows remote unauthenticated attackers to forge requests from the server to arbitrary internal or external resources via the validateDownloadUrl function in provider-utils. Publicly available exploit code exists (CVSS E:P). EPSS data not available, not listed in CISA KEV. Vendor unresponsive to disclosure, indicating no official patch or advisory at time of analysis. Organizations using affected versions for AI model downloads or blob handling should implement immediate compensating controls.

SSRF Ai Vercel
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8767 LOW POC Monitor

OS command injection in Vercel AI SDK versions up to 3.0.97 allows authenticated remote attackers with pull request creation privileges to execute arbitrary commands on CI/CD runners through malicious branch names. The vulnerability resides in the prettier-on-automerge GitHub Actions workflow, which insecurely interpolates PR branch names into shell commands. A public proof-of-concept exploit exists (disclosed via GitHub Gist), demonstrating feasibility despite CVSS 4.0 rating the complexity as high (AC:H) and exploitability as difficult. The vendor (Vercel) was notified but has not responded, and no patch availability is confirmed from vendor sources at time of analysis.

Command Injection Ai Vercel
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.7%
CVE-2026-45773 npm MEDIUM POC PATCH GHSA This Month

CSRF vulnerability in Turborepo's self-hosted authentication flow allows credential injection attacks when users authenticate the CLI against self-hosted remote cache endpoints. An attacker-controlled web page can send a malicious token to the localhost callback server during the login process. If the malicious callback arrives before the legitimate OAuth response, the CLI completes authentication with attacker-supplied credentials, leading to high integrity impact on subsequent build operations. This affects users of self-hosted Turborepo deployments only - Vercel's hosted device authorization flows are not vulnerable. Fixed in version 2.9.14.

CSRF Turborepo Vercel
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-46508 HIGH PATCH This Week

Command injection in the Turborepo LSP VS Code extension before version 2.9.14000 allows arbitrary code execution when opening malicious workspaces. The vulnerability stems from unsafe string interpolation in shell commands, enabling attackers to inject commands through workspace settings or task names that execute with the user's VS Code process privileges. The CVSS 4.0 score of 8.4 indicates high severity with local access and user interaction required.

Command Injection Turborepo Vercel
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-45772 npm PATCH GHSA Monitor

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14.

RCE Turborepo Codemod Workspaces Vercel
NVD GitHub VulDB
EPSS
0.1%
CVE-2026-44479 npm MEDIUM PATCH GHSA This Month

Vercel CLI leaks authentication tokens in JSON output when running in non-interactive mode with credentials passed via command-line arguments. Affected versions 50.16.0 through 52.0.0 expose plaintext tokens in suggested follow-up commands when operations cannot complete autonomously, allowing token capture in CI/CD logs and automation transcripts. Information disclosure risk is elevated in automated deployment pipelines where CLI output is logged.

Information Disclosure Vercel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59472 npm MEDIUM PATCH This Month

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. [CVSS 5.9 MEDIUM]

Node.js Denial Of Service Next.Js Red Hat Vercel
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-59471 npm MEDIUM PATCH This Month

A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. [CVSS 5.9 MEDIUM]

Denial Of Service Next.Js Red Hat Vercel
NVD GitHub HeroDevs
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-55182 npm CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

React Server Components in React 19.x contain a critical pre-authentication remote code execution vulnerability (CVE-2025-55182, CVSS 10.0) through unsafe deserialization of HTTP request payloads. With EPSS 71.1% and KEV listing, this vulnerability affects any application using React Server Components with react-server-dom-webpack, react-server-dom-turbopack, or react-server-dom-parcel — enabling complete server compromise through a single HTTP request.

Deserialization RCE React Next.Js Red Hat +1
NVD GitHub Exploit-DB VulDB
CVSS 3.1
10.0
EPSS
71.1%
Threat
9.1
CVE-2025-48985 npm LOW PATCH Monitor

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Ai Vercel
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-57822 npm MEDIUM POC PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next.js Vercel
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-57752 npm MEDIUM PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Red Hat Next.js Vercel
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-55173 npm MEDIUM PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Next.js Vercel
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-7074 LOW POC Monitor

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Denial Of Service Vercel
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-49826 npm HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8.

Denial Of Service Next.Js Red Hat Vercel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49005 npm LOW POC PATCH Monitor

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payload instead under certain conditions. When deployed to Vercel, this would only impact the browser cache, and would not lead to the CDN being poisoned. When self-hosted and deployed externally, this could lead to cache poisoning if the CDN does not properly distinguish between RSC / HTML in the cache keys. This issue has been resolved in Next.js 15.3.3.

Information Disclosure Vercel
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-48068 npm LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Next.js Vercel
NVD GitHub
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-32421 npm LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Next.js Vercel
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2025-30218 npm LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Next.js Vercel
NVD GitHub
CVSS 4.0
1.7
EPSS
0.2%
CVE-2025-29927 npm CRITICAL POC PATCH THREAT Act Now

Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer.

Authentication Bypass Red Hat Next.js Vercel
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
93.0%
Threat
6.1
CVE-2024-56332 npm MEDIUM PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Next.js Vercel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2015-8315 npm HIGH POC PATCH This Week

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS).". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Ms Vercel
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 2.1
LOW Monitor

Resource exhaustion in Vercel AI SDK's provider-utils package (versions ≤3.0.97) allows authenticated remote attackers to consume excessive system resources via specially crafted requests to JSON response handlers. Public proof-of-concept exists. EPSS data not available. Not listed in CISA KEV. CVSS 4.0 score of 2.1 reflects low availability impact (VA:L) with authenticated network access (PR:L). Vendor non-responsive to initial disclosure.

Denial Of Service Ai Vercel
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Server-side request forgery in Vercel AI SDK versions up to 3.0.97 allows remote unauthenticated attackers to forge requests from the server to arbitrary internal or external resources via the validateDownloadUrl function in provider-utils. Publicly available exploit code exists (CVSS E:P). EPSS data not available, not listed in CISA KEV. Vendor unresponsive to disclosure, indicating no official patch or advisory at time of analysis. Organizations using affected versions for AI model downloads or blob handling should implement immediate compensating controls.

SSRF Ai Vercel
NVD GitHub VulDB
EPSS 1% CVSS 1.3
LOW POC Monitor

OS command injection in Vercel AI SDK versions up to 3.0.97 allows authenticated remote attackers with pull request creation privileges to execute arbitrary commands on CI/CD runners through malicious branch names. The vulnerability resides in the prettier-on-automerge GitHub Actions workflow, which insecurely interpolates PR branch names into shell commands. A public proof-of-concept exploit exists (disclosed via GitHub Gist), demonstrating feasibility despite CVSS 4.0 rating the complexity as high (AC:H) and exploitability as difficult. The vendor (Vercel) was notified but has not responded, and no patch availability is confirmed from vendor sources at time of analysis.

Command Injection Ai Vercel
NVD VulDB GitHub
EPSS 0% CVSS 5.1
MEDIUM POC PATCH This Month

CSRF vulnerability in Turborepo's self-hosted authentication flow allows credential injection attacks when users authenticate the CLI against self-hosted remote cache endpoints. An attacker-controlled web page can send a malicious token to the localhost callback server during the login process. If the malicious callback arrives before the legitimate OAuth response, the CLI completes authentication with attacker-supplied credentials, leading to high integrity impact on subsequent build operations. This affects users of self-hosted Turborepo deployments only - Vercel's hosted device authorization flows are not vulnerable. Fixed in version 2.9.14.

CSRF Turborepo Vercel
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Command injection in the Turborepo LSP VS Code extension before version 2.9.14000 allows arbitrary code execution when opening malicious workspaces. The vulnerability stems from unsafe string interpolation in shell commands, enabling attackers to inject commands through workspace settings or task names that execute with the user's VS Code process privileges. The CVSS 4.0 score of 8.4 indicates high severity with local access and user interaction required.

Command Injection Turborepo Vercel
NVD GitHub VulDB
EPSS 0%
PATCH Monitor

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14.

RCE Turborepo Codemod +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vercel CLI leaks authentication tokens in JSON output when running in non-interactive mode with credentials passed via command-line arguments. Affected versions 50.16.0 through 52.0.0 expose plaintext tokens in suggested follow-up commands when operations cannot complete autonomously, allowing token capture in CI/CD logs and automation transcripts. Information disclosure risk is elevated in automated deployment pipelines where CLI output is logged.

Information Disclosure Vercel
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. [CVSS 5.9 MEDIUM]

Node.js Denial Of Service Next.Js +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. [CVSS 5.9 MEDIUM]

Denial Of Service Next.Js Red Hat +1
NVD GitHub HeroDevs
EPSS 71% 9.1 CVSS 10.0
CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

React Server Components in React 19.x contain a critical pre-authentication remote code execution vulnerability (CVE-2025-55182, CVSS 10.0) through unsafe deserialization of HTTP request payloads. With EPSS 71.1% and KEV listing, this vulnerability affects any application using React Server Components with react-server-dom-webpack, react-server-dom-turbopack, or react-server-dom-parcel — enabling complete server compromise through a single HTTP request.

Deserialization RCE React +3
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Ai Vercel
NVD GitHub
EPSS 6% CVSS 6.5
MEDIUM POC PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next.js Vercel
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Red Hat Next.js +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Next.js +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Denial Of Service Vercel
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8.

Denial Of Service Next.Js Red Hat +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payload instead under certain conditions. When deployed to Vercel, this would only impact the browser cache, and would not lead to the CDN being poisoned. When self-hosted and deployed externally, this could lead to cache poisoning if the CDN does not properly distinguish between RSC / HTML in the cache keys. This issue has been resolved in Next.js 15.3.3.

Information Disclosure Vercel
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Next.js +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Next.js +1
NVD GitHub
EPSS 0% CVSS 1.7
LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Next.js Vercel
NVD GitHub
EPSS 93% 6.1 CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer.

Authentication Bypass Red Hat Next.js +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Next.js +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS).". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Ms +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy