CVE-2025-48985: Input Validation Bypass on AI SDK - Vercel

Vercel News·Aaron Brown·4 days ago

A low-severity security vulnerability in Vercel's AI SDK was responsibly disclosed and has been fixed for 5.0.52, 6.0.0-beta.*. The issue may have allowed users to bypass filetype whitelists when uploading files. Vercel customers are encouraged to upgrade to the latest version. Read more details below.

Summary

Vercel's AI SDK prompt conversion pipeline contains a vulnerability in which improper URL-to-data mapping allows attackers to substitute arbitrary downloaded bytes for different supported URLs within the same prompt. The vulnerability occurs in the convert-to-language-model-prompt.ts file, where filtering downloaded results could cause index misalignment between the downloadedFiles array and the original plannedDownloads array.

Impact

When processing mixed supported and unsupported URLs, the filtering operation removes null entries for supported URLs, causing the remaining downloaded data to be incorrectly associated with different URL keys.…
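The index misalignment described above, shown as an added example of the bug class next to an aligned version. This is not the AI SDK's source code: the types, the `fakeDownload` helper, the function names and the `example.test` URLs are all constructed for illustration, and the only assumption taken from the advisory is that supported URLs produce `null` entries that are filtered out.

```typescript
// Constructed illustration of the bug class; not code from the AI SDK.
type Planned = { url: string; supportedByModel: boolean };
type Downloaded = { data: string } | null;

// Hypothetical downloader: yields null for URLs the model supports natively.
function fakeDownload(plan: Planned[]): Downloaded[] {
  return plan.map((p) => (p.supportedByModel ? null : { data: `bytes-of:${p.url}` }));
}

// Misaligned: nulls are dropped first, so index i no longer refers to plan[i].
function mapMisaligned(plan: Planned[], files: Downloaded[]): Record<string, string> {
  const out: Record<string, string> = {};
  files
    .filter((f) => f !== null)
    .forEach((f, i) => {
      const p = plan[i];
      if (f !== null && p !== undefined) out[p.url] = f.data;
    });
  return out;
}

// Aligned: each result is paired with its own URL before nulls are skipped.
function mapAligned(plan: Planned[], files: Downloaded[]): Record<string, string> {
  const out: Record<string, string> = {};
  plan.forEach((p, i) => {
    const f = files[i];
    if (f !== null && f !== undefined) out[p.url] = f.data;
  });
  return out;
}

// Regression check: every stored payload must come from the URL it is keyed by.
function isConsistent(map: Record<string, string>): boolean {
  return Object.entries(map).every(([url, data]) => data === `bytes-of:${url}`);
}

// Constructed input: one supported URL followed by one unsupported URL.
const plan: Planned[] = [
  { url: "https://example.test/a.png", supportedByModel: true },
  { url: "https://example.test/b.bin", supportedByModel: false },
];
const files = fakeDownload(plan);
console.log("misaligned:", mapMisaligned(plan, files), isConsistent(mapMisaligned(plan, files)));
console.log("aligned:   ", mapAligned(plan, files), isConsistent(mapAligned(plan, files)));
```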
