Tag

#vercel

2 posts tagged #vercel.

Analysis · May 14, 2026 · Colten Anderson

Vercel shipped the framework. You're shipping the patch

CVE-2026-44578 is a CVSS 8.6 SSRF in self-hosted Next.js. The fix for 13.x and 14.x users is a major-version migration, filed against your product team as a Dependabot chore.
Analysis · May 1, 2026 · Colten Anderson

The Vercel breach is the Heroku/Travis CI playbook, rerun through an AI tool

A compromised OAuth token at a small AI productivity company gave attackers a path into Vercel's internal systems. The structural pattern is four years old. AI tools are making it worse.