Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations view
Increase in Workflow runs stuck in pending, failed
minor
resolvedStatus incident
We've identified an issue where some workflow runs created between June 30 at 22:24 UTC and July 1 at 16:08 UTC may be stuck in a pending state or have reached a failed state.
New workflow runs are not impacted. We are working on a fix for runs stuck in a pending state and will provide additional updates as they become available.
We are currently investigating an issue where some recently deployed Workflow projects are stuck as pending and not delivering queued messages as expected.
Resolved: Elevated ERR_STREAM_PREMATURE_CLOSE errors in Vercel Functions
none
resolvedStatus incident
Between Jun 19 09:09 and 16:16 UTC, a subset of Vercel Functions using node-fetch@2 may have experienced intermittent invocation errors that surfaced as ERR_STREAM_PREMATURE_CLOSE.
As part of Node.js June 2026 security releases, we began rolling out new Node.js versions. Those versions contain an upstream regression that breaks response streaming for node-fetch@2, which caused the errors https://github.com/nodejs/node/issues/63989
We have resolved the issue by reverting to the previous Node.js version. No action is required — affected functions are now operating normally. We will re-land the Node.js upgrade once the upstream issue is fixed.
Elevated Functions Invocation Errors in DUB1 (Dublin, Ireland) Region
minor
resolvedStatus incident
The issue has been identified and a fix is being implemented.
A small number of requests may have seen elevated error rates in function invocations during this period.
We are investigating reports of some customers experiencing elevated errors creating new deployments. We will provide additional updates as they become available.
Elevated Function Invocation Errors in Stockholm region (ARN1)
minor
resolvedStatus incident
We've identified an issue where some customers may experience elevated error rates when invoking functions in the ARN1 Edge Region. We are currently investigating this issue.
Between 16:10 and 16:43 UTC on May 22, some customers using Next.js above 16.2.0-canary.28 with Preview Comments enabled experienced build failures during deployments. The issue has been mitigated and follow-up deployments should no longer encounter this error.
We are currently investigating elevated build failures affecting a subset of Vite projects. Affected deployments may be timing out. We’ve identified an issue and are working on the fix.
We've identified an issue where some users may see missing Build CPU Minutes data on Usage pages in the Vercel Dashboard. The issue has been resolved, and we are backfilling the affected usage data.
Increased Function Invocation Errors - ERR_MODULE_NOT_FOUND
minor
resolvedStatus incident
We're investigating an issue where customers are currently experiencing application failures due to function invocation errors when using React Router 7.
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Increase in Workflow runs stuck in pending, failed
We've identified an issue where some workflow runs created between June 30 at 22:24 UTC and July 1 at 16:08 UTC may be stuck in a pending state or have reached a failed state.
New workflow runs are not impacted. We are working on a fix for runs stuck in a pending state and will provide additional updates as they become available.
Workflow
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
We are currently investigating an issue where some recently deployed Workflow projects are stuck as pending and not delivering queued messages as expected.
Workflow
major
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
Resolved: Elevated ERR_STREAM_PREMATURE_CLOSE errors in Vercel Functions
Between Jun 19 09:09 and 16:16 UTC, a subset of Vercel Functions using node-fetch@2 may have experienced intermittent invocation errors that surfaced as ERR_STREAM_PREMATURE_CLOSE.
As part of Node.js June 2026 security releases, we began rolling out new Node.js versions. Those versions contain an upstream regression that breaks response streaming for node-fetch@2, which caused the errors https://github.com/nodejs/node/issues/63989
We have resolved the issue by reverting to the previous Node.js version. No action is required — affected functions are now operating normally. We will re-land the Node.js upgrade once the upstream issue is fixed.
Functions
none
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
Elevated Functions Invocation Errors in DUB1 (Dublin, Ireland) Region
The issue has been identified and a fix is being implemented.
A small number of requests may have seen elevated error rates in function invocations during this period.
Functions
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
We are investigating reports of some customers experiencing elevated errors creating new deployments. We will provide additional updates as they become available.
Builds
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
Elevated Function Invocation Errors in Stockholm region (ARN1)
We've identified an issue where some customers may experience elevated error rates when invoking functions in the ARN1 Edge Region. We are currently investigating this issue.
Functions
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
Between 16:10 and 16:43 UTC on May 22, some customers using Next.js above 16.2.0-canary.28 with Preview Comments enabled experienced build failures during deployments. The issue has been mitigated and follow-up deployments should no longer encounter this error.
Builds
none
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
We are currently investigating elevated build failures affecting a subset of Vite projects. Affected deployments may be timing out. We’ve identified an issue and are working on the fix.
Builds
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
We've identified an issue where some users may see missing Build CPU Minutes data on Usage pages in the Vercel Dashboard. The issue has been resolved, and we are backfilling the affected usage data.
Builds
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
Increased Function Invocation Errors - ERR_MODULE_NOT_FOUND
We're investigating an issue where customers are currently experiencing application failures due to function invocation errors when using React Router 7.
Next.js / Vercel
minor
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. No EPSS.
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
ai
MEDIUMCVE-2026-8768
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 0.1% EPSS.
The Vercel / Next.jswatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
Confirm whether recent Vercel / Next.js activity overlaps with your environment.
Prioritize advisories by MSP-relevance score, severity, and status.
Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.
At a glance
Tracked
98
Active
0
Featured
0
Unique CVEs
1
Most recent entry
Jul 1, 2026, 11:57 AM
Feed refreshes daily · 5:15 a.m. Central
Sources·Vercel status page (vercel-status.com)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
It is the Vercel / Next.js-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
How should teams use the Vercel / Next.js watch page?
Use it to confirm whether current Vercel / Next.js issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Can ITECS help respond to Vercel / Next.js security issues?
Yes. ITECS can help map Vercel / Next.js advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.