Elevated Build Errors for Secure Compute/Static IPs Projects
majorresolvedStatus incident
We are currently investigating this issue.
Jun 9, 2026, 9:09 AMOfficial source
Vercel / Next.js threat watch
Next.js application platform, deployment workflow, and Vercel service status watch.
Vendor watch hub
What this page covers
The Vercel / Next.jswatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
- Confirm whether recent Vercel / Next.js activity overlaps with your environment.
- Prioritize advisories by MSP-relevance score, severity, and status.
- Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.
At a glance
Tracked
91
Active
0
Featured
0
Unique CVEs
4
Most recent entry
Jun 9, 2026, 9:09 AM
Feed refreshes daily · 5:15 a.m. Central
Sources·Vercel status page (vercel-status.com)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Recent Vercel / Next.js watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewElevated Functions Invocation Errors in DUB1 (Dublin, Ireland) Region
minorresolvedStatus incident
The issue has been identified and a fix is being implemented. A small number of requests may have seen elevated error rates in function invocations during this period.
Jun 8, 2026, 1:57 PMOfficial source
Elevated Errors Creating New Deployments
minorresolvedStatus incident
We are investigating reports of some customers experiencing elevated errors creating new deployments. We will provide additional updates as they become available.
Jun 1, 2026, 2:21 PMOfficial source
Elevated Function Invocation Errors in Stockholm region (ARN1)
minorresolvedStatus incident
We've identified an issue where some customers may experience elevated error rates when invoking functions in the ARN1 Edge Region. We are currently investigating this issue.
May 28, 2026, 11:00 AMOfficial source
Elevated Errors on Vercel Dashboard (Project Overview Page)
minorresolvedStatus incident
We are currently investigating this issue.
May 26, 2026, 11:50 PMOfficial source
Delays Loading Runtime Logs
minorresolvedStatus incident
We are currently investigating elevated latency in loading runtime logs (Vercel Functions) in live mode. Log Drains are unaffected at this time.
May 25, 2026, 9:58 AMOfficial source
Elevated Build Failures (GitHub connected projects)
minorresolvedStatus incident
We are currently investigating this issue.
May 23, 2026, 1:44 PMOfficial source
Build Failures for Some Next.js Deployments
noneresolvedStatus incident
Between 16:10 and 16:43 UTC on May 22, some customers using Next.js above 16.2.0-canary.28 with Preview Comments enabled experienced build failures during deployments. The issue has been mitigated and follow-up deployments should no longer encounter this error.
May 22, 2026, 12:11 PMOfficial source
Elevated Build Errors
minorresolvedStatus incident
We are currently investigating elevated build failures affecting a subset of Vite projects. Affected deployments may be timing out. We’ve identified an issue and are working on the fix.
May 21, 2026, 10:01 AMOfficial source
Missing Build CPU Minutes Usage Data
minorresolvedStatus incident
We've identified an issue where some users may see missing Build CPU Minutes data on Usage pages in the Vercel Dashboard. The issue has been resolved, and we are backfilling the affected usage data.
May 20, 2026, 3:07 PMOfficial source
Increased Function Invocation Errors - ERR_MODULE_NOT_FOUND
minorresolvedStatus incident
We're investigating an issue where customers are currently experiencing application failures due to function invocation errors when using React Router 7.
May 18, 2026, 4:42 PMOfficial source
Support cases cannot be submitted
minorresolvedStatus incident
We are investigating an issue where support cannot be submitted through the dashboard.
May 18, 2026, 10:00 AMOfficial source
ai vulnerability (CVE-2026-8768)
MEDIUMwatchNVDCVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
May 17, 2026, 6:17 PMOfficial source
ai vulnerability (CVE-2026-8767)
LOWwatchNVDCVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
May 17, 2026, 6:17 PMOfficial source
turborepo language server protocol vulnerability (CVE-2026-46508)
HIGHwatchNVDCVE-2026-46508
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and task runs. A malicious workspace could provide crafted values through workspace settings or task names in the repository's source code that were interpolated into shell commands. When the extension activated or when a user ran a task through the extension, those values could be interpreted by the user's shell, allowing arbitrary command execution with the privileges of the local VS Code process. This vulnerability is fixed in 2.9.14000.
May 15, 2026, 11:16 AMOfficial source
turborepo vulnerability (CVE-2026-45772)
NONEwatchNVDCVE-2026-45772
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14.
May 15, 2026, 11:16 AMOfficial source
Workflow usage amounts are incorrectly calculated
minorresolvedStatus incident
Workflow Storage Retention and Workflow Storage Writes are being incorrectly calculated in usage data. The team is investigating and working to resolve the discrepancy.
May 15, 2026, 5:34 AMOfficial source
Vercel Queues, and Vercel Workflow runs were delayed
minorresolvedStatus incident
Between 1:30 to 3:44 UTC, messages in Vercel Queues in iad1 were enqueued but not processed, and Vercel Workflows were blocked from making progress (i.e. remaining in pending / active states). This is recovering, Vercel Queues backlogs are being processed, and Vercel Workflows are unblocked.
May 8, 2026, 11:45 PMOfficial source
SSL Certificate Generation Delays
noneresolvedStatus incident
Between 18:36 and 19:04 UTC, issuing SSL certificates was delayed for new domains. These certificates have now been issued. Certificate renewals were not affected.
May 8, 2026, 2:15 PMOfficial source
Delays Processing Builds
minorresolvedStatus incident
We've identified an issue where some customers may experience delays in builds starting and/or builds stuck in an initializing state. We are applying a fix and will provide additional updates as they become available.
May 8, 2026, 11:30 AMOfficial source
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
Elevated Build Errors for Secure Compute/Static IPs ProjectsWe are currently investigating this issue. Builds | major Elevated | resolved | Jun 9, 2026, 9:09 AM | Status incidentOpen source |
Elevated Functions Invocation Errors in DUB1 (Dublin, Ireland) RegionThe issue has been identified and a fix is being implemented. A small number of requests may have seen elevated error rates in function invocations during this period. Functions | minor Watch | resolved | Jun 8, 2026, 1:57 PM | Status incidentOpen source |
Elevated Errors Creating New DeploymentsWe are investigating reports of some customers experiencing elevated errors creating new deployments. We will provide additional updates as they become available. Builds | minor Watch | resolved | Jun 1, 2026, 2:21 PM | Status incidentOpen source |
Elevated Function Invocation Errors in Stockholm region (ARN1)We've identified an issue where some customers may experience elevated error rates when invoking functions in the ARN1 Edge Region. We are currently investigating this issue. Functions | minor Watch | resolved | May 28, 2026, 11:00 AM | Status incidentOpen source |
Elevated Errors on Vercel Dashboard (Project Overview Page)We are currently investigating this issue. Dashboard | minor Watch | resolved | May 26, 2026, 11:50 PM | Status incidentOpen source |
Delays Loading Runtime LogsWe are currently investigating elevated latency in loading runtime logs (Vercel Functions) in live mode. Log Drains are unaffected at this time. Logs | minor Watch | resolved | May 25, 2026, 9:58 AM | Status incidentOpen source |
Elevated Build Failures (GitHub connected projects)We are currently investigating this issue. Builds | minor Watch | resolved | May 23, 2026, 1:44 PM | Status incidentOpen source |
Build Failures for Some Next.js DeploymentsBetween 16:10 and 16:43 UTC on May 22, some customers using Next.js above 16.2.0-canary.28 with Preview Comments enabled experienced build failures during deployments. The issue has been mitigated and follow-up deployments should no longer encounter this error. Builds | none Watch | resolved | May 22, 2026, 12:11 PM | Status incidentOpen source |
Elevated Build ErrorsWe are currently investigating elevated build failures affecting a subset of Vite projects. Affected deployments may be timing out. We’ve identified an issue and are working on the fix. Builds | minor Watch | resolved | May 21, 2026, 10:01 AM | Status incidentOpen source |
Missing Build CPU Minutes Usage DataWe've identified an issue where some users may see missing Build CPU Minutes data on Usage pages in the Vercel Dashboard. The issue has been resolved, and we are backfilling the affected usage data. Builds | minor Watch | resolved | May 20, 2026, 3:07 PM | Status incidentOpen source |
Increased Function Invocation Errors - ERR_MODULE_NOT_FOUNDWe're investigating an issue where customers are currently experiencing application failures due to function invocation errors when using React Router 7. Next.js / Vercel | minor Watch | resolved | May 18, 2026, 4:42 PM | Status incidentOpen source |
Support cases cannot be submittedWe are investigating an issue where support cannot be submitted through the dashboard. Support Chat | minor Watch | resolved | May 18, 2026, 10:00 AM | Status incidentOpen source |
ai vulnerability (CVE-2026-8768)A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. ai | MEDIUMCVE-2026-8768 Watch | watch | May 17, 2026, 6:17 PM | NVDOpen source |
ai vulnerability (CVE-2026-8767)A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. ai | LOWCVE-2026-8767 Watch | watch | May 17, 2026, 6:17 PM | NVDOpen source |
turborepo language server protocol vulnerability (CVE-2026-46508)Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and task runs. A malicious workspace could provide crafted values through workspace settings or task names in the repository's source code that were interpolated into shell commands. When the extension activated or when a user ran a task through the extension, those values could be interpreted by the user's shell, allowing arbitrary command execution with the privileges of the local VS Code process. This vulnerability is fixed in 2.9.14000. turborepo language server protocol | HIGHCVE-2026-46508 Watch | watch | May 15, 2026, 11:16 AM | NVDOpen source |
turborepo vulnerability (CVE-2026-45772)Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14. turborepo | NONECVE-2026-45772 Watch | watch | May 15, 2026, 11:16 AM | NVDOpen source |
Workflow usage amounts are incorrectly calculatedWorkflow Storage Retention and Workflow Storage Writes are being incorrectly calculated in usage data. The team is investigating and working to resolve the discrepancy. Workflow | minor Watch | resolved | May 15, 2026, 5:34 AM | Status incidentOpen source |
Vercel Queues, and Vercel Workflow runs were delayedBetween 1:30 to 3:44 UTC, messages in Vercel Queues in iad1 were enqueued but not processed, and Vercel Workflows were blocked from making progress (i.e. remaining in pending / active states). This is recovering, Vercel Queues backlogs are being processed, and Vercel Workflows are unblocked. Queues | minor Watch | resolved | May 8, 2026, 11:45 PM | Status incidentOpen source |
SSL Certificate Generation DelaysBetween 18:36 and 19:04 UTC, issuing SSL certificates was delayed for new domains. These certificates have now been issued. Certificate renewals were not affected. Next.js / Vercel | none Watch | resolved | May 8, 2026, 2:15 PM | Status incidentOpen source |
Delays Processing BuildsWe've identified an issue where some customers may experience delays in builds starting and/or builds stuck in an initializing state. We are applying a fix and will provide additional updates as they become available. Builds | minor Watch | resolved | May 8, 2026, 11:30 AM | Status incidentOpen source |
Related vendors
Other cloud vendors in the radar
ITECS response pathways
Turn the Vercel / Next.js watch feed into an action plan
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Website design & development
Use the website design & development pathway when this vendor alert needs an ITECS-managed response plan.
Cybersecurity services
Connect the vendor watch page to broader managed detection, response, and governance planning.
Cybersecurity assessment
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Threat Radar hub
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
Common questions
What is the Vercel / Next.js threat watch page?
It is the Vercel / Next.js-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
How should teams use the Vercel / Next.js watch page?
Use it to confirm whether current Vercel / Next.js issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Can ITECS help respond to Vercel / Next.js security issues?
Yes. ITECS can help map Vercel / Next.js advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.