CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-8768

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.0%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

https://gist.github.com/YLChen-007/07d149bd68adbee58165b4207a2abc71
https://gist.github.com/YLChen-007/cf7e47e4dda392f474ca77a66d1d847f
https://vuldb.com/submit/811404
https://vuldb.com/submit/811405
https://vuldb.com/vuln/364393
https://vuldb.com/vuln/364393/cti

Products affected by CVE-2026-8768

Vercel » Ai » Version: Any

cpe:2.3:a:vercel:ai:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8768

Products

Pricing

Contact Us