Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-P7F2-6479-84WX

Vulnerability from github – Published: 2026-04-16 21:31 – Updated: 2026-04-16 21:31
VLAI
Details

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T19:16:32Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.",
  "id": "GHSA-p7f2-6479-84wx",
  "modified": "2026-04-16T21:31:13Z",
  "published": "2026-04-16T21:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43937"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P83H-G6JW-GH8F

Vulnerability from github – Published: 2025-01-03 06:32 – Updated: 2025-01-03 09:30
VLAI
Details

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-03T05:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.",
  "id": "GHSA-p83h-g6jw-gh8f",
  "modified": "2025-01-03T09:30:47Z",
  "published": "2025-01-03T06:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22275"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak"
    },
    {
      "type": "WEB",
      "url": "https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=42579472"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P868-FP4Q-W4HX

Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30
VLAI
Details

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T10:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users\u0027 configuration data.",
  "id": "GHSA-p868-fp4q-w4hx",
  "modified": "2024-09-10T12:30:38Z",
  "published": "2024-09-10T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42344"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-P8RH-8MH7-W4XH

Vulnerability from github – Published: 2024-10-14 18:30 – Updated: 2024-10-14 18:30
VLAI
Details

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-14T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.",
  "id": "GHSA-p8rh-8mh7-w4xh",
  "modified": "2024-10-14T18:30:25Z",
  "published": "2024-10-14T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45739"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1009"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P999-J4HQ-PMJ3

Vulnerability from github – Published: 2025-04-09 00:30 – Updated: 2025-04-09 00:30
VLAI
Details

Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T23:15:45Z",
    "severity": "MODERATE"
  },
  "details": "Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.",
  "id": "GHSA-p999-j4hq-pmj3",
  "modified": "2025-04-09T00:30:27Z",
  "published": "2025-04-09T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25013"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PC23-4MQ4-C95V

Vulnerability from github – Published: 2026-06-02 18:31 – Updated: 2026-06-02 18:31
VLAI
Details

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation.

This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number.

Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-02T16:16:39Z",
    "severity": "HIGH"
  },
  "details": "A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation.\n\nThis vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number.\n\nConsequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.",
  "id": "GHSA-pc23-4mq4-c95v",
  "modified": "2026-06-02T18:31:31Z",
  "published": "2026-06-02T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40619"
    },
    {
      "type": "WEB",
      "url": "https://resources.genetec.com/security-advisories/vulnerability-affecting-security-center-systems-main-server-installations"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFM2-2MHG-8WPX

Vulnerability from github – Published: 2026-04-23 14:31 – Updated: 2026-05-13 13:33
VLAI
Summary
n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
Details

Impact

When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust boundary (shared log storage, SIEM pipelines, support/ops access), this can result in disclosure of:

  • bearer tokens from the Authorization header
  • per-tenant API keys from the x-n8n-key header in multi-tenant setups
  • JSON-RPC request payloads sent to the MCP endpoint

Access control itself was not bypassed — unauthenticated requests were correctly rejected with 401 Unauthorized — but sensitive values from those rejected requests could still be persisted in logs.

Impact category: CWE-532 (Insertion of Sensitive Information into Log File).

Affected

Deployments running n8n-mcp v2.47.10 or earlier in HTTP transport mode (MCP_MODE=http). The stdio transport is not affected.

Patched

v2.47.11 and later.

  • npm: npx n8n-mcp@latest (or pin to >= 2.47.11)
  • Docker: docker pull ghcr.io/czlonkowski/n8n-mcp:latest

Workarounds

If users cannot upgrade immediately:

  • Restrict network access to the HTTP port (firewall, reverse proxy, or VPN) so only trusted clients can reach the endpoint.
  • Switch to stdio transport (MCP_MODE=stdio, the default for CLI invocation), which has no HTTP surface.

Credit

n8n-MCP thanks @S4nso (Organization / Jormungandr) for reporting this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n-mcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.47.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-23T14:31:46Z",
    "nvd_published_at": "2026-05-08T20:16:30Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen `n8n-mcp` runs in HTTP transport mode, incoming requests to the `POST /mcp` endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust boundary (shared log storage, SIEM pipelines, support/ops access), this can result in disclosure of:\n\n- bearer tokens from the `Authorization` header\n- per-tenant API keys from the `x-n8n-key` header in multi-tenant setups\n- JSON-RPC request payloads sent to the MCP endpoint\n\nAccess control itself was not bypassed \u2014 unauthenticated requests were correctly rejected with `401 Unauthorized` \u2014 but sensitive values from those rejected requests could still be persisted in logs.\n\nImpact category: **CWE-532** (Insertion of Sensitive Information into Log File).\n\n### Affected\n\nDeployments running n8n-mcp **v2.47.10 or earlier** in HTTP transport mode (`MCP_MODE=http`). The stdio transport is not affected.\n\n### Patched\n\n**v2.47.11** and later.\n\n- npm: `npx n8n-mcp@latest` (or pin to `\u003e= 2.47.11`)\n- Docker: `docker pull ghcr.io/czlonkowski/n8n-mcp:latest`\n\n### Workarounds\n\nIf users cannot upgrade immediately:\n\n- Restrict network access to the HTTP port (firewall, reverse proxy, or VPN) so only trusted clients can reach the endpoint.\n- Switch to stdio transport (`MCP_MODE=stdio`, the default for CLI invocation), which has no HTTP surface.\n\n### Credit\n\nn8n-MCP thanks [@S4nso](https://github.com/S4nso) (Organization / Jormungandr) for reporting this issue.",
  "id": "GHSA-pfm2-2mhg-8wpx",
  "modified": "2026-05-13T13:33:57Z",
  "published": "2026-04-23T14:31:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-pfm2-2mhg-8wpx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41495"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/czlonkowski/n8n-mcp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests"
}

GHSA-PFVH-3W7H-4375

Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32
VLAI
Details

Windows Kernel Memory Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T18:15:56Z",
    "severity": "MODERATE"
  },
  "details": "Windows Kernel Memory Information Disclosure Vulnerability",
  "id": "GHSA-pfvh-3w7h-4375",
  "modified": "2025-01-14T18:32:04Z",
  "published": "2025-01-14T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21321"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21321"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG5P-WWP8-97G8

Vulnerability from github – Published: 2023-04-19 18:16 – Updated: 2023-04-19 18:16
VLAI
Summary
Debug mode leaks confidential data in Cilium
Details

Impact

When run in debug mode, Cilium may log sensitive information.

In particular, Cilium running in debug mode will log the values of headers if they match HTTP network policy rules. This issue affects Cilium versions:

  • 1.7. to 1.10. inclusive
  • 1.11.* before 1.11.16
  • 1.12.* before 1.12.9
  • 1.13.* before 1.13.2

In addition, Cilium 1.12. before 1.12.9 and 1.13. before 1.13.2., when running in debug mode, might log secrets used by the Cilium agent. This includes TLS private keys for Ingress and GatewayAPI resources, depending on the configuration of the affected cluster. Output of the confidential data would occur at Cilium agent restart, when the secrets are modified, and on creation of Ingress or GatewayAPI resources.

Patches

This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2.

Workarounds

Disable debug mode.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @meyskens for investigating and fixing the issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "last_affected": "1.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-19T18:16:51Z",
    "nvd_published_at": "2023-04-18T22:15:07Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWhen run in debug mode, Cilium may log sensitive information.\n\nIn particular, Cilium running in debug mode will log the values of headers if they match HTTP network policy rules. This issue affects Cilium versions:\n\n- 1.7.* to 1.10.* inclusive\n- 1.11.* before 1.11.16\n- 1.12.* before 1.12.9\n- 1.13.* before 1.13.2\n\nIn addition, Cilium 1.12.* before 1.12.9 and 1.13.* before 1.13.2., when running in debug mode, might log secrets used by the Cilium agent. This includes TLS private keys for Ingress and GatewayAPI resources, depending on the configuration of the affected cluster. Output of the confidential data would occur at Cilium agent restart, when the secrets are modified, and on creation of Ingress or GatewayAPI resources.\n\n### Patches\n\nThis vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2.\n\n### Workarounds\nDisable debug mode.\n\n### Acknowledgements\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @meyskens for investigating and fixing the issue.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: [security@cilium.io](mailto:security@cilium.io) - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.\n",
  "id": "GHSA-pg5p-wwp8-97g8",
  "modified": "2023-04-19T18:16:51Z",
  "published": "2023-04-19T18:16:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29002"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Debug mode leaks confidential data in Cilium"
}

GHSA-PGF8-2HGJ-GRQG

Vulnerability from github – Published: 2026-05-07 00:05 – Updated: 2026-05-14 20:32
VLAI
Summary
Vercel: Non-interactive mode includes CLI arguments in suggested command output
Details

Summary

When the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included verbatim in those suggestions.

Conditions

All three must be true for the token to appear in output:

  1. Token passed as a CLI argument (--token / -t). The VERCEL_TOKEN environment variable is not affected.
  2. Non-interactive mode is active (explicit flag or AI agent auto-detection).
  3. The command cannot complete on its own (e.g. missing --yes, ambiguous scope, API errors). Successful commands produce no suggestion output.

Impact

The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output.

Remediation

  • Upgrade to the patched version.
  • If developers have previously used --token with --non-interactive in their applications, review logs for exposed tokens and rotate them.
  • Prefer VERCEL_TOKEN environment variable for authentication.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 52.0.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "vercel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "50.16.0"
            },
            {
              "fixed": "52.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T00:05:20Z",
    "nvd_published_at": "2026-05-13T16:16:58Z",
    "severity": "MODERATE"
  },
  "details": "# Summary\n\nWhen the Vercel CLI runs in non-interactive mode (`--non-interactive` or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via `--token` or `-t` on the command line, the token value is included verbatim in those suggestions.\n\n# Conditions\n\nAll three must be true for the token to appear in output:\n\n1. Token passed as a CLI argument (`--token` / `-t`). The `VERCEL_TOKEN` environment variable is **not affected**.\n2. Non-interactive mode is active (explicit flag or AI agent auto-detection).\n3. The command cannot complete on its own (e.g. missing `--yes`, ambiguous scope, API errors). Successful commands produce no suggestion output.\n\n## Impact\n\nThe plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output.\n\n## Remediation\n\n- Upgrade to the patched version.\n- If developers have previously used `--token` with `--non-interactive` in their applications, review logs for exposed tokens and rotate them.\n- Prefer `VERCEL_TOKEN` environment variable for authentication.",
  "id": "GHSA-pgf8-2hgj-grqg",
  "modified": "2026-05-14T20:32:07Z",
  "published": "2026-05-07T00:05:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vercel/vercel/security/advisories/GHSA-pgf8-2hgj-grqg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44479"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vercel/vercel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vercel: Non-interactive mode includes CLI arguments in suggested command output"
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.