Home / Security updates / Security Advisory - Vercel April 2026 Security Incident
Security Advisory - Vercel April 2026 Security Incident
Security updates detail rendered from /security-updates/upd_76ecab99fa9a0105.
Overview
| ID | upd_76ecab99fa9a0105 |
| Collection | Security Updates |
| Provider | TrustShare (TrustCloud / Kintent) |
| Company | Cribl |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_76ecab99fa9a0105 |
| providerId | trustshare |
| organizationId | org_db5a178977544c0d |
| trustCenterId | tc_3321b21a903010d8 |
| title | Security Advisory - Vercel April 2026 Security Incident |
| type | security_advisory |
| message | Summary Cribl is aware of Vercel’s April 2026 security incident involving unauthorized access to certain internal Vercel systems. According to Vercel, the incident originated from a compromise of a third-party AI tool used by a Vercel employee, which enabled takeover of the employee’s Google Workspace account and access to some Vercel environments and environment variables not marked as sensitive. Vercel states that a limited subset of customers had compromised credentials and were contacted directly. Impact to Cribl At this time, Cribl has found no evidence that this incident affected Cribl production services, customer data, or Cribl managed secrets. As a precaution, Cribl has reviewed Vercel related configurations, recent deployment activity, and credentials associated with Vercel-hosted workflows. Affected Products No Cribl products are known to be affected at this time. Actions Cribl Has Taken Cribl reviewed whether any services or workflows rely on Vercel hosted assets, validated whether any credentials may have existed in Vercel environment variables, reviewed recent activity for suspicious changes, and initiated precautionary credential rotation where appropriate. Recommended Customer Actions Cribl customers do not need to take action unless they independently use Vercel. Customers who use Vercel should review Vercel’s published guidance, review logs and deployments, rotate relevant credentials, and check Google Workspace or Google account OAuth activity for the IOC published by Vercel. Current Status Cribl continues to monitor this incident and will update this advisory if material new information becomes available. Vercel states that its services remain operational and that its investigation is ongoing. For any questions, contact [email protected]. |
| publishedAt | 2026-04-20 |
| gated | no |
| source | {
"field": "trustshare/notifications[]"
} |
| company | {
"id": "org_db5a178977544c0d",
"name": "Cribl",
"domains": [
"trust.cribl.io",
"cribl.io"
]
} |
| trust_center | {
"id": "tc_3321b21a903010d8",
"name": "Cribl",
"url": "https://trust.cribl.io",
"host": "trust.cribl.io"
} |
| provider | {
"id": "trustshare",
"name": "TrustShare (TrustCloud / Kintent)"
} |
| links | {
"self": "/v1/security-updates/upd_76ecab99fa9a0105",
"company": "/v1/companies/org_db5a178977544c0d",
"trust_center": "/v1/trust-centers/tc_3321b21a903010d8",
"provider": "/v1/providers/trustshare"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_76ecab99fa9a0105JSON