๐Ÿ” CVE Alert

CVE-2026-8768

HIGH 7.3

vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE CWE-918
Vendor vercel
Product ai
Published May 17, 2026
Last Updated May 18, 2026
Stay Ahead of the Next One

Get instant alerts for vercel ai

Be the first to know when new high vulnerabilities affecting vercel ai are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

vercel / ai
3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.0.7 3.0.8 3.0.9 3.0.10 3.0.11 3.0.12 3.0.13 3.0.14 3.0.15 3.0.16 3.0.17 3.0.18 3.0.19 3.0.20 3.0.21 3.0.22 3.0.23 3.0.24 3.0.25 3.0.26 3.0.27 3.0.28 3.0.29 3.0.30 3.0.31 3.0.32 3.0.33 3.0.34 3.0.35 3.0.36 3.0.37 3.0.38 3.0.39 3.0.40 3.0.41 3.0.42 3.0.43 3.0.44 3.0.45 3.0.46 3.0.47 3.0.48 3.0.49 3.0.50 3.0.51 3.0.52 3.0.53 3.0.54 3.0.55 3.0.56 3.0.57 3.0.58 3.0.59 3.0.60 3.0.61 3.0.62 3.0.63 3.0.64 3.0.65 3.0.66 3.0.67 3.0.68 3.0.69 3.0.70 3.0.71 3.0.72 3.0.73 3.0.74 3.0.75 3.0.76 3.0.77 3.0.78 3.0.79 3.0.80 3.0.81 3.0.82 3.0.83 3.0.84 3.0.85 3.0.86 3.0.87 3.0.88 3.0.89 3.0.90 3.0.91 3.0.92 3.0.93 3.0.94 3.0.95 3.0.96 3.0.97

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/364393 vuldb.com: https://vuldb.com/vuln/364393/cti vuldb.com: https://vuldb.com/submit/811404 vuldb.com: https://vuldb.com/submit/811405 gist.github.com: https://gist.github.com/YLChen-007/07d149bd68adbee58165b4207a2abc71 gist.github.com: https://gist.github.com/YLChen-007/cf7e47e4dda392f474ca77a66d1d847f

Credits

๐Ÿ” Eric-f (VulDB User) VulDB CNA Team