CVE-2026-44479EPSS p5.6%

CVE-2026-44479CVE-2026-44479

vercel / vercel

Description

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included verbatim in those suggestions. The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output. This vulnerability is fixed in 52.0.1.

Scoring

CVSS 5.5 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS0.16% probability of exploitation · percentile 5.6% · 2026-06-18T12:00:27Z
Last modified2026-06-04

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-34162
CVE
CVE-2026-47284
CVE
CVE-2025-55319
CVE
CVE-2026-22038
CVE
CVE-2026-44345
CVE
CVE-2026-44578
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.