CVE-2026-44479

GHSA-pgf8-2hgj-grqg MEDIUM
Published May 7, 2026

Summary: When the Vercel CLI runs in non-interactive mode (`--non-interactive` or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via `--token` or `-t` on the command line, the token value is...

Affected Systems

| Package | Ecosystem | Vulnerable Range | Patched |
| --- | --- | --- | --- |
| vercel | npm | >= 50.16.0, <= 52.0.0 | 52.0.1 |

If you use vercel in the vulnerable range above, you are affected.

Severity & Risk

CVSS 3.1
5.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

| Metric | Value |
| --- | --- |
| AV (Attack Vector) | Local |
| AC (Attack Complexity) | Low |
| PR (Privileges Required) | None |
| UI (User Interaction) | Required |
| S (Scope) | Unchanged |
| C (Confidentiality) | High |
| I (Integrity) | None |
| A (Availability) | None |

Recommended Action

Patch available

Update vercel to version 52.0.1

Frequently Asked Questions

What is CVE-2026-44479?

Vercel: Non-interactive mode includes CLI arguments in suggested command output

Is CVE-2026-44479 actively exploited?

No confirmed active exploitation of CVE-2026-44479 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-44479?

Update to patched version: vercel 52.0.1.

What is the CVSS score for CVE-2026-44479?

CVE-2026-44479 has a CVSS v3.1 base score of 5.5 (MEDIUM).

Technical Details

NVD Description

# Summary

When the Vercel CLI runs in non-interactive mode (`--non-interactive` or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via `--token` or `-t` on the command line, the token value is included verbatim in those suggestions.

# Conditions

All three must be true for the token to appear in output:

1. Token passed as a CLI argument (`--token` / `-t`). The `VERCEL_TOKEN` environment variable is **not affected**.
2. Non-interactive mode is active (explicit flag or AI agent auto-detection).
3. The command cannot complete on its own (e.g. missing `--yes`, ambiguous scope, API errors). Successful commands produce no suggestion output.

## Impact

The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output.

## Remediation

- Upgrade to the patched version.
- If developers have previously used `--token` with `--non-interactive` in their applications, review logs for exposed tokens and rotate them.
- Prefer the `VERCEL_TOKEN` environment variable for authentication.
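The suggestion path described above with the token stripped before the follow-up command is echoed, plus a scanner for the remediation step (reviewing CI logs and agent transcripts), as an added JavaScript example that is not Vercel's code. The function names, the JSON payload shape, the sample log and the `tok_CONSTRUCTED_*` values are assumptions made for the example.

```javascript
// Added example, not Vercel's code: models the argv-to-suggestion path the
// advisory describes, with the token stripped, plus a scanner for the
// remediation step (review CI logs and agent transcripts for leaked tokens).

// Flags the advisory names as carrying the token on the command line.
const TOKEN_FLAGS = new Set(['--token', '-t']);

// Remove --token/-t and its value (both "--token VALUE" and "--token=VALUE")
// before any argv is echoed back; credentials should come from VERCEL_TOKEN.
function redactTokenArgs(argv) {
  const out = [];
  for (let i = 0; i < argv.length; i++) {
    const arg = argv[i];
    const eq = arg.indexOf('=');
    const flag = eq === -1 ? arg : arg.slice(0, eq);
    if (TOKEN_FLAGS.has(flag)) {
      if (eq === -1) i++; // value is the next argv element; skip it too
      continue;
    }
    out.push(arg);
  }
  return out;
}

// Hypothetical payload shape (the CLI's real JSON schema is not on the page):
// the follow-up command is built only from the redacted argv.
function buildSuggestion(argv, reason) {
  const cmd = ['vercel', ...redactTokenArgs(argv), '--yes'].join(' ');
  return { reason, suggestedCommand: cmd };
}

// Find token values that appear after --token/-t anywhere in log text,
// including inside JSON strings; returns each distinct value once.
const LEAK_RE = /(?<![\w-])(?:--token|-t)(?:=|\s+)([^\s"'\\]+)/g;
function findLeakedTokens(text) {
  const found = new Set();
  for (const m of text.matchAll(LEAK_RE)) found.add(m[1]);
  return [...found];
}

// Constructed sample of a CI log; the token values are placeholders.
const SAMPLE_LOG = [
  '[12:00:01] $ vercel deploy --token tok_CONSTRUCTED_1 --non-interactive',
  '{"error":"confirmation required","suggestions":["vercel deploy --token tok_CONSTRUCTED_1 --yes"]}',
  '{"suggestions":["vercel link -t=tok_CONSTRUCTED_2 --yes"]}',
  '[12:00:05] $ vercel deploy --non-interactive',
].join('\n');

console.log(findLeakedTokens(SAMPLE_LOG)); // -> ["tok_CONSTRUCTED_1","tok_CONSTRUCTED_2"]
```

Any value the scanner returns should be treated as exposed and rotated, as the remediation above says; the last sample line, which relies on the environment variable, yields nothing.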

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Timeline

Published
May 7, 2026
Last Modified
May 7, 2026
First Seen
May 7, 2026