CVE-2026-44479

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

When the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included verbatim in those suggestions.

Conditions

All three must be true for the token to appear in output:

Token passed as a CLI argument (--token / -t). The VERCEL TOKEN environment variable is not affected.
Non-interactive mode is active (explicit flag or AI agent auto-detection).
The command cannot complete on its own (e.g. missing --yes, ambiguous scope, API errors). Successful commands produce no suggestion output.

Impact

The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output.

Remediation

Upgrade to the patched version.
If developers have previously used --token with --non-interactive in their applications, review logs for exposed tokens and rotate them.
Prefer VERCEL TOKEN environment variable for authentication.

Fix

Information Disclosure

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-532

Related Identifiers

CVE-2026-44479

GHSA-PGF8-2HGJ-GRQG

Affected Products

Vercel

CVE-2026-44479

Summary

Conditions

Impact

Remediation

Weakness Enumeration

Related Identifiers

Affected Products

References · 3