New deployments with vulnerable versions of the third-party package next-mdx-remote are now blocked by default

Published: 3 days ago (February 12, 2026 at 08:00 AM EST)

1 min read

Source: Vercel Blog

Announcement

Any new deployment containing a version of the third‑party package next-mdx-remote that is vulnerable to CVE‑2026‑0969 will now automatically fail to deploy on Vercel.

We strongly recommend upgrading to a patched version regardless of your hosting provider.

This automatic protection can be disabled by setting the DANGEROUSLY_DEPLOY_VULNERABLE_CVE_2026_0969=1 environment variable on your Vercel project. Learn more

Back to Blog

Browserbase joins the Vercel Agent Marketplace

Browserbase on the Vercel Marketplace Browserbasehttps://vercel.com/marketplace/browserbase is now available on the Vercel Marketplace, allowing teams to run b...

Use MiniMax M2.5 on AI Gateway

Overview MiniMax M2.5 is now available on AI Gateway. M2.5 plans before it builds, breaking down functions, structure, and UI design before writing code. It ha...

shadcn & ai give me superpower....

While working on the frontend of my project, I used shadcn/ui, and it has been a great experience. The components are clean, stable, and highly customizable. Si...

GNU Pies – Program Invocation and Execution Supervisor

The name Pies pronounced 'p-yes' stands for Program Invocation and Execution Supervisor. This utility starts and controls execution of external programs, called...

Announcement

Related posts

Browserbase joins the Vercel Agent Marketplace

Use MiniMax M2.5 on AI Gateway

shadcn & ai give me superpower....

GNU Pies – Program Invocation and Execution Supervisor