CVE-2026-8769

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98

Description A resource consumption issue exists in the provider-utils component. The flaw is located within the createJsonResponseHandler() and createJsonErrorResponseHandler() functions in the packages/provider-utils/src/response-handler.ts file. This allows a remote attacker to cause excessive resource consumption.

Recommendations Update to version 3.0.98 or later. As a temporary workaround, restrict access to the createJsonResponseHandler() and createJsonErrorResponseHandler() functions until the update is applied.

Exploit

Fix

Resource Exhaustion

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-404

Related Identifiers

CVE-2026-8769

GHSA-866G-F22W-33X8

Affected Products

Vercel Ai

CVE-2026-8769

Weakness Enumeration

Related Identifiers

Affected Products

References · 10