CVE-2026-8768

Severity: High · Exploit available
Weakness type: CWE-918 (Server-Side Request Forgery)
Published: May 17, 2026 · Modified: May 24, 2026 · Source: NVD
CVSS v3: 7.3
📄 Description (English)

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

A server-side request forgery (SSRF) vulnerability exists in Vercel AI versions up to 3.0.97 affecting the validateDownloadUrl function. With a CVSS score of 7.3 and publicly available exploits, this vulnerability allows remote attackers to make unauthorized requests from affected servers. No patch is currently available from the vendor, requiring immediate mitigation through alternative controls.

🤖 AI Intelligence Analysis (analyzed May 21, 2026 05:42)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using Vercel AI in cloud infrastructure, particularly: (1) Financial Technology and Banking sector (SAMA-regulated fintech platforms) processing sensitive transactions; (2) Government digital transformation initiatives and e-services platforms; (3) Healthcare providers using cloud-based AI for diagnostics and patient data processing; (4) Telecommunications companies (STC, Mobily) leveraging AI for network optimization; (5) Energy sector (ARAMCO, SEC) using AI for operational analytics. SSRF attacks could enable lateral movement to internal systems, data exfiltration, and compromise of critical infrastructure.
🏢 Affected Saudi Sectors
Banking & Financial Services · Government & Public Sector · Healthcare · Energy & Utilities · Telecommunications · E-commerce · Cloud Service Providers
⚖️ Saudi Risk Score (AI): 7.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all systems using Vercel AI versions ≤3.0.97 across your organization
2. Disable or restrict the validateDownloadUrl function if not critical to operations
3. Implement network segmentation to isolate affected systems from sensitive internal resources
4. Enable comprehensive logging of all outbound requests from affected systems

COMPENSATING CONTROLS (until patch available):
5. Deploy Web Application Firewall (WAF) rules to block suspicious URL patterns in download requests
6. Implement strict URL validation whitelisting - only allow downloads from pre-approved domains
7. Restrict outbound network access from affected servers using firewall rules (block access to internal IP ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1)
8. Monitor for SSRF indicators: requests to localhost, 127.0.0.1, internal IP addresses, cloud metadata endpoints (169.254.169.254)
9. Implement request rate limiting on download endpoints
10. Use network proxies/egress filtering to prevent connections to internal services

DETECTION RULES:
- Alert on validateDownloadUrl calls with parameters containing: localhost, 127.0.0.1, internal IP ranges, cloud metadata IPs
- Monitor for unusual outbound connections from Vercel AI processes
- Track failed authentication attempts following download requests
- Log all URL parameters passed to download functions for forensic analysis

PATCHING STRATEGY:
11. Monitor Vercel security advisories for patch release
12. Plan upgrade to patched version immediately upon availability
13. Test patches in isolated environment before production deployment
🔧 Remediation Steps (translated from Arabic)
IMMEDIATE ACTIONS:
1. Inventory all systems using Vercel AI versions ≤3.0.97 across the organization
2. Disable or restrict the validateDownloadUrl function if it is not critical to operations
3. Implement network segmentation to isolate affected systems from sensitive internal resources
4. Enable comprehensive logging of all outbound requests from affected systems

COMPENSATING CONTROLS (until a patch is available):
5. Deploy Web Application Firewall (WAF) rules to block suspicious URL patterns in download requests
6. Implement strict URL validation with a whitelist - only permit downloads from pre-approved domains
7. Restrict outbound network access from affected servers using firewall rules
8. Monitor for SSRF indicators: requests to localhost and internal addresses
9. Implement request rate limiting on download endpoints
10. Use network proxies to prevent connections to internal services

DETECTION RULES:
- Alert on validateDownloadUrl calls that contain suspicious parameters
- Monitor for unusual outbound connections from Vercel AI processes
- Track failed authentication attempts following download requests
- Log all URL parameters for forensic analysis

PATCHING STRATEGY:
11. Monitor Vercel security advisories for the patch release
12. Plan to upgrade to the patched version immediately once it is available
13. Test patches in an isolated environment before deploying to production
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- ECC 2024 A.14.2.1 - Information security requirements for supplier relationships
- ECC 2024 A.14.2.5 - Addressing information security in supplier agreements
- ECC 2024 A.13.1.3 - Segregation of networks
- ECC 2024 A.13.2.1 - Network access control
- ECC 2024 A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
- Governance & Risk Management - Vulnerability Management
- Information & Cyber Security - Application Security
- Information & Cyber Security - Network Security
- Operational Resilience - Incident Management
🟡 ISO 27001:2022
- ISO 27001:2022 A.5.23 - Information security for supplier relationships
- ISO 27001:2022 A.8.1 - Organizational controls for information security
- ISO 27001:2022 A.8.2 - Personnel security
- ISO 27001:2022 A.13.1 - Network security
- ISO 27001:2022 A.14.2 - Supplier relationships
🟣 PCI DSS v4.0.1
- PCI DSS 6.2 - Ensure security patches are installed within one month of release
- PCI DSS 11.2 - Run automated vulnerability scans
- PCI DSS 1.3 - Prohibit direct public access between the Internet and any system component
📦 Affected Products / CPE (1 entry)
vercel:ai
📊 CVSS Score: 7.3 / 10.0 (High)
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Privileges Required (PR:N): None
User Interaction (UI:N): None
Scope (S:U): Unchanged
Confidentiality (C:L): Low
Integrity (I:L): Low
Availability (A:L): Low
📋 Quick Facts
Severity: High
CVSS Score: 7.3
CWE: CWE-918
EPSS: 0.04%
Exploit: Yes
Patch: No
Published: 2026-05-17
Source Feed: nvd
🇸🇦 Saudi Risk Score: 7.8 / 10.0 (Priority: HIGH)
🏷️ Tags
exploit-available CWE-918