CVE-2026-8769 Overview
CVE-2026-8769 is a resource consumption vulnerability [CWE-400] affecting the Vercel AI SDK up to and including version 3.0.97. The flaw resides in the createJsonResponseHandler and createJsonErrorResponseHandler functions in packages/provider-utils/src/response-handler.ts, part of the provider-utils component. An authenticated remote attacker with low privileges who can influence the JSON response body these handlers parse can drive the host process into excessive CPU or memory consumption. The exploit details have been publicly disclosed through VulDB and a public GitHub Gist. According to the disclosure, the vendor was contacted but did not respond.
Critical Impact
Remote attackers with low privileges can degrade availability of applications using the Vercel AI SDK by exhausting resources through crafted JSON response handling.
Affected Products
- Vercel AI SDK versions up to and including 3.0.97
- Applications consuming the provider-utils package
- Node.js services integrating the affected response-handler.ts module
Discovery Timeline
- 2026-05-17 - CVE-2026-8769 published to NVD
- 2026-05-19 - Last updated in NVD database
Technical Details for CVE-2026-8769
Vulnerability Analysis
The vulnerability exists in the JSON response handling logic of the Vercel AI SDK's provider-utils package. The functions createJsonResponseHandler and createJsonErrorResponseHandler in packages/provider-utils/src/response-handler.ts process responses from upstream AI provider APIs. The flaw allows attacker-influenced inputs to cause uncontrolled resource consumption during response parsing. This impacts the availability of applications that rely on the SDK to relay model responses. The EPSS score is 0.047%, indicating a low predicted likelihood of active exploitation despite public disclosure.
Root Cause
The root cause is improper bounding of computational or memory resources during JSON response parsing [CWE-400]. The handlers do not enforce limits on the size or structure of an upstream response body before buffering and parsing it. As a result, a malformed or oversized response causes CPU or memory consumption inside the handler that is out of proportion to the request that triggered the upstream call.
Attack Vector
The attack is network-based and requires low privileges and no user interaction. An attacker who controls or can influence the upstream provider response, for example by routing the SDK's requests through an attacker-controlled endpoint, can deliver crafted payloads to the vulnerable handler. Repeated exploitation degrades the availability of the host application. Technical proof-of-concept details are available in the public GitHub Gist and the VulDB Vulnerability #364394 entry.
No verified exploit code is reproduced here. Refer to the published references for technical reproduction details.
Detection Methods for CVE-2026-8769
Indicators of Compromise
- Sustained high CPU or memory utilization in Node.js processes hosting the Vercel AI SDK
- Elongated response times or timeouts on routes that proxy AI provider responses
- Repeated requests producing abnormally large or malformed JSON payloads from upstream calls
Detection Strategies
- Audit dependency manifests (package.json, package-lock.json, pnpm-lock.yaml) for ai package versions at or below 3.0.97
- Instrument the application to log response sizes and parse durations within provider-utils call paths
- Correlate process-level resource spikes with inbound request patterns hitting AI endpoints
Monitoring Recommendations
- Set alerts on Node.js event loop lag and heap usage thresholds for services using the Vercel AI SDK
- Monitor outbound calls to AI provider APIs for unusually large response bodies
- Enable runtime telemetry to flag handlers that exceed expected execution windows
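The instrumentation the Detection Strategies and Monitoring Recommendations above call for, as an added example written for this page rather than code from the Vercel AI SDK. The names ParseSample, measureJsonParse, flagAnomalies and Thresholds, and the threshold values, are hypothetical; the sample records at the bottom are constructed.

```typescript
// Added example, not SDK code: instrumentation for the detection and monitoring
// points above. ParseSample, measureJsonParse, flagAnomalies, Thresholds and the
// threshold values are hypothetical; the samples at the bottom are constructed.

interface ParseSample { route: string; bytes: number; parseMs: number; ok: boolean }

// Wrap the point where a provider response is parsed: record the encoded size
// and wall-clock parse time, tagged with the inbound route that caused the
// upstream call, so a resource spike can be tied back to a request pattern.
function measureJsonParse(route: string, text: string, sink: ParseSample[]): unknown {
  const bytes = new TextEncoder().encode(text).byteLength;
  const t0 = Date.now();
  let ok = true;
  try {
    return JSON.parse(text);
  } catch (e) {
    ok = false;
    throw e;
  } finally {
    sink.push({ route, bytes, parseMs: Date.now() - t0, ok });
  }
}

interface Thresholds { maxBytes: number; maxParseMs: number; minHits: number }

// A route is flagged once `minHits` samples exceed either limit: a single large
// reply can be legitimate, a sustained run of them on one route is the
// availability-degradation pattern this CVE describes.
function flagAnomalies(samples: readonly ParseSample[], t: Thresholds): Record<string, number> {
  const hits: Record<string, number> = {};
  for (const s of samples) {
    if (s.bytes > t.maxBytes || s.parseMs > t.maxParseMs) hits[s.route] = (hits[s.route] ?? 0) + 1;
  }
  const flagged: Record<string, number> = {};
  for (const route in hits) {
    const n = hits[route];
    if (n !== undefined && n >= t.minHits) flagged[route] = n;
  }
  return flagged;
}

// Constructed samples: three oversized replies on /api/chat, one large but
// isolated reply on /api/summarize, and normal traffic elsewhere.
const SAMPLES: ParseSample[] = [
  { route: "/api/chat", bytes: 3000000, parseMs: 180, ok: true },
  { route: "/api/chat", bytes: 2800000, parseMs: 170, ok: true },
  { route: "/api/chat", bytes: 3100000, parseMs: 190, ok: false },
  { route: "/api/summarize", bytes: 900000, parseMs: 60, ok: true },
  { route: "/api/summarize", bytes: 12000, parseMs: 1, ok: true },
  { route: "/api/health", bytes: 40, parseMs: 0, ok: true },
];
const THRESHOLDS: Thresholds = { maxBytes: 512 * 1024, maxParseMs: 50, minHits: 3 };
const FLAGGED = flagAnomalies(SAMPLES, THRESHOLDS); // { "/api/chat": 3 }

// Live use: the wrapper records a sample whether or not the parse succeeds,
// so a flood of malformed upstream bodies is visible as well as oversized ones.
const LIVE: ParseSample[] = [];
measureJsonParse("/api/chat", '{"reply":"hi"}', LIVE);
try { measureJsonParse("/api/chat", "{oops", LIVE); } catch { /* recorded with ok: false */ }
```

The sink would in practice be a metrics exporter rather than an array; the point of keeping the route on every sample is that process-level CPU or heap alerts alone do not say which inbound endpoint is driving the upstream calls.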
How to Mitigate CVE-2026-8769
Immediate Actions Required
- Inventory all applications and services that depend on the Vercel AI SDK at versions ≤ 3.0.97
- Apply response size limits and timeouts on the outbound path to AI provider endpoints (for example at an egress proxy); inbound request limits and rate limits at the API gateway reduce how often the vulnerable handler is reached, but they do not bound what the upstream returns
- Restrict outbound AI provider endpoints to a trusted allowlist to limit attacker control over upstream responses
Patch Information
At the time of publication, no vendor advisory or fixed version has been published. The reporter indicates the vendor did not respond to disclosure attempts. Monitor the VulDB Vulnerability #364394 entry and the Vercel AI SDK release notes for an official patched version, and upgrade once available.
Workarounds
- Wrap calls to createJsonResponseHandler and createJsonErrorResponseHandler with size-bounded stream readers that reject oversized payloads
- Enforce per-request CPU and memory ceilings using Node.js worker threads or container resource limits
- Apply circuit breakers and timeouts on AI provider client calls to fail fast on anomalous responses
# Identify affected installations of the Vercel AI SDK
npm ls ai
# Pin to a future patched release once published by the vendor
# npm install ai@<patched-version>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


