What is GHSA-9pj2-3x6v-c3pp?

GHSA-9pj2-3x6v-c3pp is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the...

Which CVE IDs does GHSA-9pj2-3x6v-c3pp cover?

GHSA-9pj2-3x6v-c3pp covers the following CVE IDs: CVE-2026-8767. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9pj2-3x6v-c3pp?

GHSA-9pj2-3x6v-c3pp has a CVSS v3 base score of 5.0, published by GitHub Security Advisories.

GHSA-9pj2-3x6v-c3ppLowCVSS 5.0

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-8767 →

📋 Description

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-8767
https://gist.github.com/YLChen-007/870bd6966cd84703d91ce54dfea3bdd0
https://vuldb.com/submit/811402
https://vuldb.com/vuln/364392
https://vuldb.com/vuln/364392/cti
https://github.com/advisories/GHSA-9pj2-3x6v-c3pp