CVE-2026-44479: Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI ru
mediumvulnerability
security
Summary
In Vercel CLI versions 50.16.0 to 52.0.0, when running in non-interactive mode (a mode where the tool runs without user interaction, often used in CI/CD systems or with AI agents), authentication tokens (secret credentials that prove your identity) could be accidentally included in plain text within JSON suggestions that the tool outputs. This means the token could be exposed in logs or agent records where it shouldn't be visible.
Solution / Mitigation
This vulnerability is fixed in version 52.0.1.
Vulnerability Details
CVSS Score
5.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
local
Attack Complexity
low
Privileges Required
none
User Interaction
required
Disclosure Date
May 13, 2026
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44479
First tracked: May 13, 2026 at 08:10 PM
Classified by LLM (prompt v3) · confidence: 85%