Vercel discovered and patched an information disclosure vulnerability in the Flags SDK, affecting versions:

- flags ≤ 3.2.0
- @vercel/flags ≤ 3.1.1

This is being tracked as CVE-2025-46332.

We have published an automatic mitigation for the default configuration of the Flags SDK on Vercel. We recommend upgrading to flags@4.0.0 (or migrating from @vercel/flags to flags) to remediate the issue. Further guidance can be found in the upgrade guide.

Impact and analysis

A malicious actor could determine the following under specific conditions:

- Flag names
- Flag descriptions
- Available options and their labels (e.g. true, false)
- Default flag values

Flags providers were not accessible. No write access or additional customer data was exposed; this is limited to the values noted above.…
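
To check whether a project resolves to one of the affected versions listed above, the following added example (not Vercel's code) scans the `packages` map of an npm `package-lock.json`. It assumes lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges as stated in the advisory: flags <= 3.2.0, @vercel/flags <= 3.1.1.
const AFFECTED = new Map([["flags", [3, 2, 0]], ["@vercel/flags", [3, 1, 1]]]);

// Parse "MAJOR.MINOR.PATCH" (optional -prerelease / +build) into three numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(v || "");
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// True when version <= max. A prerelease of the boundary version sorts below it,
// so equal numeric parts always count as affected.
function atOrBelow(version, max) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== max[i]) return version[i] < max[i];
  }
  return true;
}

// Walk every installed copy, including nested node_modules, and report matches.
function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry
    const name = path.slice(idx + "node_modules/".length);
    const max = AFFECTED.get(name);
    if (!max) continue;
    const parsed = parseVersion(entry.version);
    // Entries without a parseable version (e.g. links) are reported for manual review.
    const status = !parsed ? "unknown" : atOrBelow(parsed, max) ? "affected" : "ok";
    if (status !== "ok") hits.push({ path, name, version: entry.version, status });
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/flags": { version: "3.2.0" },
    "node_modules/@vercel/flags": { version: "3.1.1" },
    "node_modules/some-lib/node_modules/flags": { version: "4.0.0" },
    "node_modules/feature-flags": { version: "1.0.0" },
  },
};
console.log(findAffected(sampleLock));
```

For a real project, pass the parsed contents of its own `package-lock.json` to `findAffected` in place of `sampleLock`.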