PatchSiren cyber security CVE debrief

CVE-2026-8769 vercel CVE debrief

A vulnerability in Vercel AI SDK versions up to and including 3.0.97 allows a remote attacker to cause uncontrolled resource consumption through the createJsonResponseHandler and createJsonErrorResponseHandler functions in packages/provider-utils/src/response-handler.ts. The issue was publicly disclosed on 2026-05-17 with a public exploit available; the vendor was reportedly contacted but did not respond, and no fixed release is recorded in the stored evidence. The vulnerability is rated LOW severity (CVSS 4.0: 2.1) with a network attack vector, low attack complexity, and low availability impact. No known ransomware campaign use or CISA KEV listing exists in the stored evidence.

Vendor
vercel
Product
ai
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-17
Original CVE updated
2026-05-19
Advisory published
2026-05-17
Advisory updated
2026-05-19

Who should care

Organizations using Vercel AI SDK versions 3.0.97 or earlier in production applications, particularly those exposing AI provider integrations to untrusted network input. Development teams implementing custom AI provider handlers based on the SDK's response handling utilities.

Technical summary

The vulnerability lies in the createJsonResponseHandler and createJsonErrorResponseHandler functions in packages/provider-utils/src/response-handler.ts of the Vercel AI SDK, the helpers that turn an AI provider's HTTP response (or error response) into parsed JSON. The stored evidence classifies the defect as CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Shutdown or Release): a response these handlers process can consume resources without a bound and without those resources being released, so whoever controls the response the handler receives can drive consumption up remotely. The attack requires low privileges and no user interaction and is exploitable over the network. The CVSS 4.0 vector in the stored evidence records a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low availability impact (VA:L).

Defensive priority

low

Recommended defensive actions

  • Upgrade Vercel AI SDK to a version newer than 3.0.97 once the vendor publishes one (none is recorded in the stored evidence)
  • Monitor the provider-utils package for security patches
  • Review application resource limits and implement timeout controls for reading AI provider responses
  • Enforce response size limits and validation on JSON response handling so that an oversized or never-ending body is rejected before it is buffered and parsed
  • Monitor for unusual memory, CPU, or open-connection growth in AI SDK integrations

Evidence notes

Vulnerability affects Vercel AI SDK ≤3.0.97 in provider-utils component. CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Shutdown or Release) identified. Public exploit disclosed via GitHub Gist. Vendor non-responsive to disclosure.
