CVE-2026-8769 (GCVE-0-2026-8769)
Vulnerability from cvelistv5 – Published: 2026-05-17 23:00 – Updated: 2026-05-18 20:13
VLAI?
Title
vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption
Summary
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364394 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364394/cti | signaturepermissions-required |
| https://vuldb.com/submit/811406 | third-party-advisory |
| https://gist.github.com/YLChen-007/fb1096bc8428be… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| vercel | ai |
Affected:
3.0.0
Affected: 3.0.1 Affected: 3.0.2 Affected: 3.0.3 Affected: 3.0.4 Affected: 3.0.5 Affected: 3.0.6 Affected: 3.0.7 Affected: 3.0.8 Affected: 3.0.9 Affected: 3.0.10 Affected: 3.0.11 Affected: 3.0.12 Affected: 3.0.13 Affected: 3.0.14 Affected: 3.0.15 Affected: 3.0.16 Affected: 3.0.17 Affected: 3.0.18 Affected: 3.0.19 Affected: 3.0.20 Affected: 3.0.21 Affected: 3.0.22 Affected: 3.0.23 Affected: 3.0.24 Affected: 3.0.25 Affected: 3.0.26 Affected: 3.0.27 Affected: 3.0.28 Affected: 3.0.29 Affected: 3.0.30 Affected: 3.0.31 Affected: 3.0.32 Affected: 3.0.33 Affected: 3.0.34 Affected: 3.0.35 Affected: 3.0.36 Affected: 3.0.37 Affected: 3.0.38 Affected: 3.0.39 Affected: 3.0.40 Affected: 3.0.41 Affected: 3.0.42 Affected: 3.0.43 Affected: 3.0.44 Affected: 3.0.45 Affected: 3.0.46 Affected: 3.0.47 Affected: 3.0.48 Affected: 3.0.49 Affected: 3.0.50 Affected: 3.0.51 Affected: 3.0.52 Affected: 3.0.53 Affected: 3.0.54 Affected: 3.0.55 Affected: 3.0.56 Affected: 3.0.57 Affected: 3.0.58 Affected: 3.0.59 Affected: 3.0.60 Affected: 3.0.61 Affected: 3.0.62 Affected: 3.0.63 Affected: 3.0.64 Affected: 3.0.65 Affected: 3.0.66 Affected: 3.0.67 Affected: 3.0.68 Affected: 3.0.69 Affected: 3.0.70 Affected: 3.0.71 Affected: 3.0.72 Affected: 3.0.73 Affected: 3.0.74 Affected: 3.0.75 Affected: 3.0.76 Affected: 3.0.77 Affected: 3.0.78 Affected: 3.0.79 Affected: 3.0.80 Affected: 3.0.81 Affected: 3.0.82 Affected: 3.0.83 Affected: 3.0.84 Affected: 3.0.85 Affected: 3.0.86 Affected: 3.0.87 Affected: 3.0.88 Affected: 3.0.89 Affected: 3.0.90 Affected: 3.0.91 Affected: 3.0.92 Affected: 3.0.93 Affected: 3.0.94 Affected: 3.0.95 Affected: 3.0.96 Affected: 3.0.97 cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8769",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T20:12:31.099819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T20:13:40.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*"
],
"modules": [
"provider-utils"
],
"product": "ai",
"vendor": "vercel",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.0.7"
},
{
"status": "affected",
"version": "3.0.8"
},
{
"status": "affected",
"version": "3.0.9"
},
{
"status": "affected",
"version": "3.0.10"
},
{
"status": "affected",
"version": "3.0.11"
},
{
"status": "affected",
"version": "3.0.12"
},
{
"status": "affected",
"version": "3.0.13"
},
{
"status": "affected",
"version": "3.0.14"
},
{
"status": "affected",
"version": "3.0.15"
},
{
"status": "affected",
"version": "3.0.16"
},
{
"status": "affected",
"version": "3.0.17"
},
{
"status": "affected",
"version": "3.0.18"
},
{
"status": "affected",
"version": "3.0.19"
},
{
"status": "affected",
"version": "3.0.20"
},
{
"status": "affected",
"version": "3.0.21"
},
{
"status": "affected",
"version": "3.0.22"
},
{
"status": "affected",
"version": "3.0.23"
},
{
"status": "affected",
"version": "3.0.24"
},
{
"status": "affected",
"version": "3.0.25"
},
{
"status": "affected",
"version": "3.0.26"
},
{
"status": "affected",
"version": "3.0.27"
},
{
"status": "affected",
"version": "3.0.28"
},
{
"status": "affected",
"version": "3.0.29"
},
{
"status": "affected",
"version": "3.0.30"
},
{
"status": "affected",
"version": "3.0.31"
},
{
"status": "affected",
"version": "3.0.32"
},
{
"status": "affected",
"version": "3.0.33"
},
{
"status": "affected",
"version": "3.0.34"
},
{
"status": "affected",
"version": "3.0.35"
},
{
"status": "affected",
"version": "3.0.36"
},
{
"status": "affected",
"version": "3.0.37"
},
{
"status": "affected",
"version": "3.0.38"
},
{
"status": "affected",
"version": "3.0.39"
},
{
"status": "affected",
"version": "3.0.40"
},
{
"status": "affected",
"version": "3.0.41"
},
{
"status": "affected",
"version": "3.0.42"
},
{
"status": "affected",
"version": "3.0.43"
},
{
"status": "affected",
"version": "3.0.44"
},
{
"status": "affected",
"version": "3.0.45"
},
{
"status": "affected",
"version": "3.0.46"
},
{
"status": "affected",
"version": "3.0.47"
},
{
"status": "affected",
"version": "3.0.48"
},
{
"status": "affected",
"version": "3.0.49"
},
{
"status": "affected",
"version": "3.0.50"
},
{
"status": "affected",
"version": "3.0.51"
},
{
"status": "affected",
"version": "3.0.52"
},
{
"status": "affected",
"version": "3.0.53"
},
{
"status": "affected",
"version": "3.0.54"
},
{
"status": "affected",
"version": "3.0.55"
},
{
"status": "affected",
"version": "3.0.56"
},
{
"status": "affected",
"version": "3.0.57"
},
{
"status": "affected",
"version": "3.0.58"
},
{
"status": "affected",
"version": "3.0.59"
},
{
"status": "affected",
"version": "3.0.60"
},
{
"status": "affected",
"version": "3.0.61"
},
{
"status": "affected",
"version": "3.0.62"
},
{
"status": "affected",
"version": "3.0.63"
},
{
"status": "affected",
"version": "3.0.64"
},
{
"status": "affected",
"version": "3.0.65"
},
{
"status": "affected",
"version": "3.0.66"
},
{
"status": "affected",
"version": "3.0.67"
},
{
"status": "affected",
"version": "3.0.68"
},
{
"status": "affected",
"version": "3.0.69"
},
{
"status": "affected",
"version": "3.0.70"
},
{
"status": "affected",
"version": "3.0.71"
},
{
"status": "affected",
"version": "3.0.72"
},
{
"status": "affected",
"version": "3.0.73"
},
{
"status": "affected",
"version": "3.0.74"
},
{
"status": "affected",
"version": "3.0.75"
},
{
"status": "affected",
"version": "3.0.76"
},
{
"status": "affected",
"version": "3.0.77"
},
{
"status": "affected",
"version": "3.0.78"
},
{
"status": "affected",
"version": "3.0.79"
},
{
"status": "affected",
"version": "3.0.80"
},
{
"status": "affected",
"version": "3.0.81"
},
{
"status": "affected",
"version": "3.0.82"
},
{
"status": "affected",
"version": "3.0.83"
},
{
"status": "affected",
"version": "3.0.84"
},
{
"status": "affected",
"version": "3.0.85"
},
{
"status": "affected",
"version": "3.0.86"
},
{
"status": "affected",
"version": "3.0.87"
},
{
"status": "affected",
"version": "3.0.88"
},
{
"status": "affected",
"version": "3.0.89"
},
{
"status": "affected",
"version": "3.0.90"
},
{
"status": "affected",
"version": "3.0.91"
},
{
"status": "affected",
"version": "3.0.92"
},
{
"status": "affected",
"version": "3.0.93"
},
{
"status": "affected",
"version": "3.0.94"
},
{
"status": "affected",
"version": "3.0.95"
},
{
"status": "affected",
"version": "3.0.96"
},
{
"status": "affected",
"version": "3.0.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-f (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-17T23:00:13.988Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364394 | vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364394"
},
{
"name": "VDB-364394 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364394/cti"
},
{
"name": "Submit #811406 | vercel ai @ai-sdk/amazon-bedrock@3.0.97 Uncontrolled Resource Consumption (CWE-400)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811406"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T11:33:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8769",
"datePublished": "2026-05-17T23:00:13.988Z",
"dateReserved": "2026-05-17T09:28:09.002Z",
"dateUpdated": "2026-05-18T20:13:40.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-8769",
"date": "2026-05-20",
"epss": "0.00047",
"percentile": "0.1462"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-8769\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-05-17T23:17:03.180\",\"lastModified\":\"2026-05-19T15:27:30.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.97\",\"matchCriteriaId\":\"9C80CA5C-3BEC-499F-85D5-5E81491D37D6\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/submit/811406\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/364394\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/364394/cti\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8769\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-18T20:12:31.099819Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-18T20:13:36.286Z\"}}], \"cna\": {\"title\": \"vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Eric-f (VulDB User)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"VulDB CNA Team\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*\"], \"vendor\": \"vercel\", \"modules\": [\"provider-utils\"], \"product\": \"ai\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\"}, {\"status\": \"affected\", \"version\": \"3.0.1\"}, {\"status\": \"affected\", \"version\": \"3.0.2\"}, {\"status\": \"affected\", \"version\": \"3.0.3\"}, {\"status\": \"affected\", \"version\": \"3.0.4\"}, {\"status\": \"affected\", \"version\": \"3.0.5\"}, {\"status\": \"affected\", \"version\": \"3.0.6\"}, {\"status\": \"affected\", \"version\": \"3.0.7\"}, {\"status\": \"affected\", \"version\": \"3.0.8\"}, {\"status\": \"affected\", \"version\": \"3.0.9\"}, {\"status\": \"affected\", \"version\": \"3.0.10\"}, {\"status\": \"affected\", \"version\": \"3.0.11\"}, {\"status\": \"affected\", \"version\": \"3.0.12\"}, {\"status\": \"affected\", \"version\": \"3.0.13\"}, {\"status\": \"affected\", \"version\": \"3.0.14\"}, {\"status\": \"affected\", \"version\": \"3.0.15\"}, {\"status\": \"affected\", \"version\": \"3.0.16\"}, {\"status\": \"affected\", \"version\": \"3.0.17\"}, {\"status\": \"affected\", \"version\": \"3.0.18\"}, {\"status\": \"affected\", \"version\": \"3.0.19\"}, {\"status\": \"affected\", \"version\": \"3.0.20\"}, {\"status\": \"affected\", \"version\": \"3.0.21\"}, {\"status\": \"affected\", \"version\": \"3.0.22\"}, {\"status\": \"affected\", \"version\": \"3.0.23\"}, {\"status\": \"affected\", \"version\": \"3.0.24\"}, {\"status\": \"affected\", \"version\": \"3.0.25\"}, {\"status\": \"affected\", \"version\": \"3.0.26\"}, {\"status\": \"affected\", \"version\": \"3.0.27\"}, {\"status\": \"affected\", \"version\": \"3.0.28\"}, {\"status\": \"affected\", \"version\": \"3.0.29\"}, {\"status\": \"affected\", \"version\": \"3.0.30\"}, {\"status\": \"affected\", \"version\": \"3.0.31\"}, {\"status\": \"affected\", \"version\": \"3.0.32\"}, {\"status\": \"affected\", \"version\": \"3.0.33\"}, {\"status\": \"affected\", \"version\": \"3.0.34\"}, {\"status\": \"affected\", \"version\": \"3.0.35\"}, {\"status\": \"affected\", \"version\": \"3.0.36\"}, {\"status\": \"affected\", \"version\": \"3.0.37\"}, {\"status\": \"affected\", \"version\": \"3.0.38\"}, {\"status\": \"affected\", \"version\": \"3.0.39\"}, {\"status\": \"affected\", \"version\": \"3.0.40\"}, {\"status\": \"affected\", \"version\": \"3.0.41\"}, {\"status\": \"affected\", \"version\": \"3.0.42\"}, {\"status\": \"affected\", \"version\": \"3.0.43\"}, {\"status\": \"affected\", \"version\": \"3.0.44\"}, {\"status\": \"affected\", \"version\": \"3.0.45\"}, {\"status\": \"affected\", \"version\": \"3.0.46\"}, {\"status\": \"affected\", \"version\": \"3.0.47\"}, {\"status\": \"affected\", \"version\": \"3.0.48\"}, {\"status\": \"affected\", \"version\": \"3.0.49\"}, {\"status\": \"affected\", \"version\": \"3.0.50\"}, {\"status\": \"affected\", \"version\": \"3.0.51\"}, {\"status\": \"affected\", \"version\": \"3.0.52\"}, {\"status\": \"affected\", \"version\": \"3.0.53\"}, {\"status\": \"affected\", \"version\": \"3.0.54\"}, {\"status\": \"affected\", \"version\": \"3.0.55\"}, {\"status\": \"affected\", \"version\": \"3.0.56\"}, {\"status\": \"affected\", \"version\": \"3.0.57\"}, {\"status\": \"affected\", \"version\": \"3.0.58\"}, {\"status\": \"affected\", \"version\": \"3.0.59\"}, {\"status\": \"affected\", \"version\": \"3.0.60\"}, {\"status\": \"affected\", \"version\": \"3.0.61\"}, {\"status\": \"affected\", \"version\": \"3.0.62\"}, {\"status\": \"affected\", \"version\": \"3.0.63\"}, {\"status\": \"affected\", \"version\": \"3.0.64\"}, {\"status\": \"affected\", \"version\": \"3.0.65\"}, {\"status\": \"affected\", \"version\": \"3.0.66\"}, {\"status\": \"affected\", \"version\": \"3.0.67\"}, {\"status\": \"affected\", \"version\": \"3.0.68\"}, {\"status\": \"affected\", \"version\": \"3.0.69\"}, {\"status\": \"affected\", \"version\": \"3.0.70\"}, {\"status\": \"affected\", \"version\": \"3.0.71\"}, {\"status\": \"affected\", \"version\": \"3.0.72\"}, {\"status\": \"affected\", \"version\": \"3.0.73\"}, {\"status\": \"affected\", \"version\": \"3.0.74\"}, {\"status\": \"affected\", \"version\": \"3.0.75\"}, {\"status\": \"affected\", \"version\": \"3.0.76\"}, {\"status\": \"affected\", \"version\": \"3.0.77\"}, {\"status\": \"affected\", \"version\": \"3.0.78\"}, {\"status\": \"affected\", \"version\": \"3.0.79\"}, {\"status\": \"affected\", \"version\": \"3.0.80\"}, {\"status\": \"affected\", \"version\": \"3.0.81\"}, {\"status\": \"affected\", \"version\": \"3.0.82\"}, {\"status\": \"affected\", \"version\": \"3.0.83\"}, {\"status\": \"affected\", \"version\": \"3.0.84\"}, {\"status\": \"affected\", \"version\": \"3.0.85\"}, {\"status\": \"affected\", \"version\": \"3.0.86\"}, {\"status\": \"affected\", \"version\": \"3.0.87\"}, {\"status\": \"affected\", \"version\": \"3.0.88\"}, {\"status\": \"affected\", \"version\": \"3.0.89\"}, {\"status\": \"affected\", \"version\": \"3.0.90\"}, {\"status\": \"affected\", \"version\": \"3.0.91\"}, {\"status\": \"affected\", \"version\": \"3.0.92\"}, {\"status\": \"affected\", \"version\": \"3.0.93\"}, {\"status\": \"affected\", \"version\": \"3.0.94\"}, {\"status\": \"affected\", \"version\": \"3.0.95\"}, {\"status\": \"affected\", \"version\": \"3.0.96\"}, {\"status\": \"affected\", \"version\": \"3.0.97\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-17T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-05-17T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-05-17T11:33:28.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/364394\", \"name\": \"VDB-364394 | vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/364394/cti\", \"name\": \"VDB-364394 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/submit/811406\", \"name\": \"Submit #811406 | vercel ai @ai-sdk/amazon-bedrock@3.0.97 Uncontrolled Resource Consumption (CWE-400)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"Denial of Service\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-05-17T23:00:13.988Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-8769\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-18T20:13:40.558Z\", \"dateReserved\": \"2026-05-17T09:28:09.002Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-05-17T23:00:13.988Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…