Any new deployment containing a version of the third-party package next-mdx-remote that is vulnerable to CVE-2026-0969 will now automatically fail to deploy on Vercel.

We strongly recommend upgrading to a patched version regardless of your hosting provider.

This automatic protection can be disabled by setting the DANGEROUSLY_DEPLOY_VULNERABLE_CVE_2026_0969=1 environment variable on your Vercel project. Learn more