Description
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-17
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in Vercel AI before version 3.0.97 in the run step of the .github/workflows/prettier‑on‑automerge.yml file. Malicious input to the PR Branch Name Interpolation component can be used to inject arbitrary operating‑system commands. The attack can be initiated remotely, requires a high level of complexity, and is considered difficult to carry out. No vendor fix has yet been issued.

Affected Systems

All instances of Vercel AI up to and including version 3.0.97 are affected. The flaw resides in a workflow component that processes pull‑request branch names and is active in any repository configured with the default prettier‑on‑automerge.yml action.

Risk and Exploitability

The CVSS score is 2.3, indicating a low severity overall. EPSS information is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to trigger the workflow with crafted input; the overall likelihood remains low, but the potential impact of executing arbitrary shell commands is severe if the path is successfully abused.

Generated by OpenCVE AI on May 17, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Vercel AI to version 3.0.98 or later
  • Disable the .github/workflows/prettier-on-automerge.yml feature or restrict it to trusted users only
  • Add input validation to ensure branch names contain no shell metacharacters

Generated by OpenCVE AI on May 17, 2026 at 23:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection
First Time appeared Vercel
Vercel ai
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*
Vendors & Products Vercel
Vercel ai
References
Metrics cvssV2_0

{'score': 4.6, 'vector': 'AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Vercel Ai
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-17T22:30:09.659Z

Reserved: 2026-05-17T09:28:03.647Z

Link: CVE-2026-8767

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-17T23:17:02.810

Modified: 2026-05-17T23:17:02.810

Link: CVE-2026-8767

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T02:30:14Z

Weaknesses