CVE-2026-8769 | vercel ai up to 3.0.97 provider-utils response-handler.ts resource consumption

A vulnerability, which was classified as problematic, has been found in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption.

This vulnerability appears as CVE-2026-8769. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More