CVE-2026-8769

🔶 medium

Summary

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score

4.3

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-17

First Seen: 2026-05-18

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 321,566 vulnerabilities in our database.

#304,103

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 18, 2026

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Eric-f (VulDB User) (reporter) VulDB CNA Team (coordinator)

SSVC data provided by CISA

Last Modified 2026-05-19

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE IDs (Weakness Types)

CWE-400 CWE-404

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-8767	🔶 medium	5.0	0.7	A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/pre...	2026-05-17
CVE-2026-8768	⚠️ high	7.3	0.1	A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the fil...	2026-05-17

CVE-2026-8769

Summary

📊 Relative Risk Intelligence

🎯 CISA SSVC Assessment Updated: May 18, 2026

📦 Affected Products 1

🔗 References 4

🔗 Related CVEs 2