Any new deployment containing a version of next-mdx-remote that is vulnerable to CVE-2026-0969 will now automatically fail to deploy on Vercel.

Vercel is a platform for deploying modern web applications with speed and simplicity, offering developers a seamless experience for hosting and scaling their projects. With features like instant deployment, serverless functions, and global CDN, Vercel empowers developers to focus on building great user experiences without worrying about infrastructure management.

Vercel

Vercel now automatically blocks deployments using vulnerable versions of next-mdx-remote affected by CVE-2026-0969. Users should upgrade to patched versions, though the protection can be disabled via an environment variable if needed.

New deployments with vulnerable versions of the third-party package next-mdx-remote are now blocked by default