CVE-2026-8769
vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
11th
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-400 CWE-404 |
| Vendor | vercel |
| Product | ai |
| Published | May 17, 2026 |
| Last Updated | May 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for vercel ai
Be the first to know when new medium vulnerabilities affecting vercel ai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
vercel / ai
3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.0.7 3.0.8 3.0.9 3.0.10 3.0.11 3.0.12 3.0.13 3.0.14 3.0.15 3.0.16 3.0.17 3.0.18 3.0.19 3.0.20 3.0.21 3.0.22 3.0.23 3.0.24 3.0.25 3.0.26 3.0.27 3.0.28 3.0.29 3.0.30 3.0.31 3.0.32 3.0.33 3.0.34 3.0.35 3.0.36 3.0.37 3.0.38 3.0.39 3.0.40 3.0.41 3.0.42 3.0.43 3.0.44 3.0.45 3.0.46 3.0.47 3.0.48 3.0.49 3.0.50 3.0.51 3.0.52 3.0.53 3.0.54 3.0.55 3.0.56 3.0.57 3.0.58 3.0.59 3.0.60 3.0.61 3.0.62 3.0.63 3.0.64 3.0.65 3.0.66 3.0.67 3.0.68 3.0.69 3.0.70 3.0.71 3.0.72 3.0.73 3.0.74 3.0.75 3.0.76 3.0.77 3.0.78 3.0.79 3.0.80 3.0.81 3.0.82 3.0.83 3.0.84 3.0.85 3.0.86 3.0.87 3.0.88 3.0.89 3.0.90 3.0.91 3.0.92 3.0.93 3.0.94 3.0.95 3.0.96 3.0.97
References
Credits
๐ Eric-f (VulDB User) VulDB CNA Team