CVE-2026-44479: Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI ru
Summary
In Vercel CLI versions 50.16.0 to 52.0.0, when running in non-interactive mode (a mode where the tool runs without user interaction, often used in CI/CD systems or with AI agents), authentication tokens (secret credentials that prove your identity) could be accidentally included in plain text within JSON suggestions that the tool outputs. This means the token could be exposed in logs or agent records where it shouldn't be visible.
Solution / Mitigation
This vulnerability is fixed in version 52.0.1.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
local
low
none
required
May 13, 2026
Classification
Affected Vendors
Related Issues
GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44479
First tracked: May 13, 2026 at 08:10 PM
Classified by LLM (prompt v3) · confidence: 85%