Medium severity5.5GHSA Advisory· Published May 13, 2026· Updated May 13, 2026
CVE-2026-44479
CVE-2026-44479
Description
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included verbatim in those suggestions. The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output. This vulnerability is fixed in 52.0.1.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
12- Keycard helps developers secure autonomous AI agents with scoped accessHelp Net Security · May 15, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity RiskThe Hacker News · May 8, 2026
- Researchers Spot Uptick in Use of Vercel for Phishing CampaignsInfosecurity Magazine · May 7, 2026
- 30,000 Facebook Accounts Hacked via Google AppSheet Phishing CampaignThe Hacker News · May 1, 2026
- New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATsThe Hacker News · Apr 29, 2026
- Risky Business #835 -- Why the Fast16 malware is badassRisky Business · Apr 29, 2026
- HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)SANS Internet Storm Center · Apr 28, 2026
- 27th April – Threat Intelligence ReportCheck Point Research · Apr 27, 2026
- Vercel Finds More Compromised Accounts in Context.ai-Linked BreachThe Hacker News · Apr 23, 2026
- Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugsRisky Business · Apr 22, 2026
- Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party ToolInfosecurity Magazine · Apr 21, 2026