{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/ai--3.0.97/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-8768"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ai (\u003c= 3.0.97)"],"_cs_severities":["medium"],"_cs_tags":["SSRF","CVE-2026-8768","vercel","ai"],"_cs_type":"advisory","_cs_vendors":["Vercel"],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability, identified as CVE-2026-8768, affects Vercel AI versions up to 3.0.97. The vulnerability resides within the \u003ccode\u003evalidateDownloadUrl\u003c/code\u003e function in the \u003ccode\u003epackages/provider-utils/src/download-blob.ts\u003c/code\u003e file of the \u003ccode\u003eprovider-utils\u003c/code\u003e component. Successful exploitation allows a remote attacker to potentially force the application to make requests to internal or external resources, potentially leading to information disclosure or other malicious activities. Public exploits for this vulnerability are available. The vendor has been notified but has not responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies the \u003ccode\u003evalidateDownloadUrl\u003c/code\u003e function within Vercel AI\u0026rsquo;s \u003ccode\u003eprovider-utils\u003c/code\u003e component as a potential SSRF target.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing a target for the SSRF attack, potentially an internal service or external resource.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious URL into an application input that is processed by the vulnerable \u003ccode\u003evalidateDownloadUrl\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003evalidateDownloadUrl\u003c/code\u003e function fails to properly sanitize or validate the attacker-controlled URL.\u003c/li\u003e\n\u003cli\u003eThe Vercel AI application makes an HTTP request to the attacker-specified URL using server-side resources.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to information from internal services or external resources that the Vercel AI application can access.\u003c/li\u003e\n\u003cli\u003eDepending on the internal services exposed, the attacker might escalate this SSRF to other internal attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8768 can allow an attacker to perform actions such as scanning internal networks, reading sensitive files from internal services, or potentially gaining unauthorized access to other systems accessible from the vulnerable Vercel AI instance. The lack of vendor response makes patching uncertain.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect and filter outbound network connections from Vercel AI instances to detect requests to unexpected internal resources (log source: \u003ccode\u003enetwork_connection\u003c/code\u003e, Sigma rule: \u0026ldquo;Detect Suspicious Outbound Connection\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Potential SSRF via validateDownloadUrl\u0026rdquo; to identify potential exploitation attempts targeting the vulnerable function.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual requests containing suspicious URLs indicative of SSRF exploitation attempts (log source: \u003ccode\u003ewebserver\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-17T23:18:42Z","date_published":"2026-05-17T23:18:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-vercel-ai-ssrf/","summary":"Vulnerability CVE-2026-8768 describes a server-side request forgery (SSRF) flaw in the validateDownloadUrl function of the provider-utils component in Vercel AI versions up to 3.0.97, enabling remote attackers to potentially make internal requests.","title":"Vercel AI Server-Side Request Forgery Vulnerability (CVE-2026-8768)","url":"https://feed.craftedsignal.io/briefs/2026-05-vercel-ai-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Ai (\u003c= 3.0.97)","version":"https://jsonfeed.org/version/1.1"}