{"id":55194,"date":"2026-05-17T19:38:30","date_gmt":"2026-05-17T19:38:30","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=55194"},"modified":"2026-05-17T19:38:30","modified_gmt":"2026-05-17T19:38:30","slug":"vercel-ai-provider-utils-download-blobts-validatedownloadurl-server-side-request-forgery","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=55194","title":{"rendered":"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768"},"content":{"rendered":"

{“lastseen”:””,”description”:”A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages\/provider-utils\/src\/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.”,”published”:”2026-05-17T22:45:09.929Z”,”modified”:”2026-05-17T22:45:09.929Z”,”type”:”cve”,”title”:”vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery”,”source”:”VulDB”,”references”:”https:\/\/vuldb.com\/vuln\/364393\\nhttps:\/\/vuldb.com\/vuln\/364393\/cti\\nhttps:\/\/vuldb.com\/submit\/811404\\nhttps:\/\/vuldb.com\/submit\/811405\\nhttps:\/\/gist.github.com\/YLChen-007\/07d149bd68adbee58165b4207a2abc71\\nhttps:\/\/gist.github.com\/YLChen-007\/cf7e47e4dda392f474ca77a66d1d847f”,”id”:”CVE-2026-8768″,”bulletinFamily”:””,”cwe”:[“CWE-918″],”cvelist”:null,”sourceData”:”vercel ai 3.0.0\\nvercel ai 3.0.1\\nvercel ai 3.0.2\\nvercel ai 3.0.3\\nvercel ai 3.0.4\\nvercel ai 3.0.5\\nvercel ai 3.0.6\\nvercel ai 3.0.7\\nvercel ai 3.0.8\\nvercel ai 3.0.9\\nvercel ai 3.0.10\\nvercel ai 3.0.11\\nvercel ai 3.0.12\\nvercel ai 3.0.13\\nvercel ai 3.0.14\\nvercel ai 3.0.15\\nvercel ai 3.0.16\\nvercel ai 3.0.17\\nvercel ai 3.0.18\\nvercel ai 3.0.19\\nvercel ai 3.0.20\\nvercel ai 3.0.21\\nvercel ai 3.0.22\\nvercel ai 3.0.23\\nvercel ai 3.0.24\\nvercel ai 3.0.25\\nvercel ai 3.0.26\\nvercel ai 3.0.27\\nvercel ai 3.0.28\\nvercel ai 3.0.29\\nvercel ai 3.0.30\\nvercel ai 3.0.31\\nvercel ai 3.0.32\\nvercel ai 3.0.33\\nvercel ai 3.0.34\\nvercel ai 3.0.35\\nvercel ai 3.0.36\\nvercel ai 3.0.37\\nvercel ai 3.0.38\\nvercel ai 3.0.39\\nvercel ai 3.0.40\\nvercel ai 3.0.41\\nvercel ai 3.0.42\\nvercel ai 3.0.43\\nvercel ai 3.0.44\\nvercel ai 3.0.45\\nvercel ai 3.0.46\\nvercel ai 3.0.47\\nvercel ai 3.0.48\\nvercel ai 3.0.49\\nvercel ai 3.0.50\\nvercel ai 3.0.51\\nvercel ai 3.0.52\\nvercel ai 3.0.53\\nvercel ai 3.0.54\\nvercel ai 3.0.55\\nvercel ai 3.0.56\\nvercel ai 3.0.57\\nvercel ai 3.0.58\\nvercel ai 3.0.59\\nvercel ai 3.0.60\\nvercel ai 3.0.61\\nvercel ai 3.0.62\\nvercel ai 3.0.63\\nvercel ai 3.0.64\\nvercel ai 3.0.65\\nvercel ai 3.0.66\\nvercel ai 3.0.67\\nvercel ai 3.0.68\\nvercel ai 3.0.69\\nvercel ai 3.0.70\\nvercel ai 3.0.71\\nvercel ai 3.0.72\\nvercel ai 3.0.73\\nvercel ai 3.0.74\\nvercel ai 3.0.75\\nvercel ai 3.0.76\\nvercel ai 3.0.77\\nvercel ai 3.0.78\\nvercel ai 3.0.79\\nvercel ai 3.0.80\\nvercel ai 3.0.81\\nvercel ai 3.0.82\\nvercel ai 3.0.83\\nvercel ai 3.0.84\\nvercel ai 3.0.85\\nvercel ai 3.0.86\\nvercel ai 3.0.87\\nvercel ai 3.0.88\\nvercel ai 3.0.89\\nvercel ai 3.0.90\\nvercel ai 3.0.91\\nvercel ai 3.0.92\\nvercel ai 3.0.93\\nvercel ai 3.0.94\\nvercel ai 3.0.95\\nvercel ai 3.0.96\\nvercel ai 3.0.97″,”sourceHref”:””,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”ai”,”version”:”3.0.0″,”vendor”:”vercel”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages\/provider-utils\/src\/download-blob.ts of the component provider-utils….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,48,12,21,13,7,11,5],"class_list":["post-55194","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nvercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=55194\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages\/provider-utils\/src\/download-blob.ts of the component provider-utils....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=55194\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-17T19:38:30+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768\",\"datePublished\":\"2026-05-17T19:38:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194\"},\"wordCount\":434,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=55194#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194\",\"name\":\"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-17T19:38:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=55194\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55194#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=55194","og_locale":"en_US","og_type":"article","og_title":"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768 - zero redgem","og_description":"{“lastseen”:””,”description”:”A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages\/provider-utils\/src\/download-blob.ts of the component provider-utils....","og_url":"https:\/\/zero.redgem.net\/?p=55194","og_site_name":"zero redgem","article_published_time":"2026-05-17T19:38:30+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=55194#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=55194"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768","datePublished":"2026-05-17T19:38:30+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=55194"},"wordCount":434,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=55194#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=55194","url":"https:\/\/zero.redgem.net\/?p=55194","name":"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-17T19:38:30+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=55194#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=55194"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=55194#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery_CVE-2026-8768"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/55194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55194"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/55194\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}