Vercel now automatically blocks new deployments that include vulnerable versions of the `next-mdx-remote` package, specifically those affected by CVE-2026-0969. Users are strongly advised to upgrade to a patched version. This automatic protection can be disabled.
Source: Vercel