Vibe-Coding Radar: New Integrations, One Real CVE
Lovable's new AI-assistant and identity integrations, a patched CVE in React Server Components, and an axios supply-chain hit — what founders need to check this week.
Lovable shipped three features this week that change who — and what — can act inside your app. Vercel patched a real CVE in a core Next.js piece. And a compromised npm package reminded everyone that dependencies are part of the attack surface too. Here's what it means if you shipped with an AI builder.
TL;DR
- Lovable apps can now auto-recognize workspace users, let AI assistants like ChatGPT call your app's actions, and let each user connect their own third-party account. Three new places where permissions need to be right, not just present.
- Vercel patched CVE-2026-23869, a CVSS 7.5 denial-of-service bug in React Server Components. A WAF rule is live, but the real fix is an upgrade.
- The
axiosnpm package was compromised in a supply chain attack discovered March 31, 2026. Check your lockfile.- A developer who cleans up vibe-coded apps for a living says secrets committed to the repo show up in almost every project he opens.
Lovable widens what your app can do
Three changes landed in quick succession. Workspace identity reuse lets an app built for your team recognize whoever is already signed in to Lovable — no separate login page. Good for internal tools, but it means the app's access boundary is now "anyone in this Lovable workspace," not "anyone I explicitly invited." Know who's in your workspace before you turn this on.
Agent integrations let a published app be called by AI assistants like ChatGPT and Claude, not just browsers. Your app's functions become actions an assistant can invoke on a user's behalf. That's a new caller with its own trust assumptions — scope each action narrowly and make sure it still respects the calling user's permissions, not a blanket API key.
App user connectors are the good news: each user of a multi-tenant app now connects their own third-party account instead of everyone sharing one connection. If your app has been using a single shared account for every visitor, this is the pattern to move to.
A real CVE landed: patch it, don't just rely on the WAF
CVE-2026-23869 is a CVSS 7.5 denial-of-service vulnerability in React Server Components. A specially crafted request to an App Router Server Function endpoint can trigger excessive CPU use. Vercel deployed WAF rules automatically to protect hosted projects, but their own advisory is explicit: don't rely on the WAF alone. If your app uses the App Router, upgrade to a patched version now.
Supply chain: check what's in your lockfile
The axios package — used in a huge share of AI-generated apps for HTTP requests — was compromised in an active supply chain attack discovered March 31, 2026. npm pulled the bad versions and latest now points to the safe axios@1.14.0. Vercel says no Vercel systems were affected and blocked outbound traffic to the attacker's command-and-control domain from its build infrastructure. If your project installed axios during the compromise window, the bad version could still be sitting in your lockfile. Run your package manager's audit command and confirm you're on 1.14.0 or later.
What actually breaks vibe-coded apps
A developer who spends his year fixing AI-built apps for launch lists the same problems every time. Top of the list: secrets in the code — API keys in the frontend or committed straight to the repo. His advice is blunt: search your own code for sk-, secret, and password. If real values come up, rotate them today, not after launch. A separate post in the same community shares a pre-launch audit prompt that asks your AI assistant to review its own work skeptically before you ship. It's a decent first pass — treat it as a checklist, not a guarantee.
FAQ
Does adding agent integrations to my Lovable app create a security risk?
Not inherently, but it adds a new caller. Anything with access to the connected assistant can trigger the actions you've exposed. Scope each action narrowly and make sure it enforces the same permissions a logged-in user would have.
I don't think I'm affected by CVE-2026-23869 — do I still need to check?
Only if you're running the App Router on an unpatched version. Vercel's WAF blocks known attack patterns automatically for hosted projects, but the fix is an upgrade, not the WAF. Check your Next.js version.
How do I know if I'm using the compromised axios version?
Check your lockfile against the compromised range flagged by security researchers, then run npm audit (or your package manager's equivalent) and update to axios 1.14.0 or later.
The bottom line
Every feature that lets your app do more — auto-login, assistant integrations, per-user connections — is also a feature that lets more things act on your users' behalf. That's not a reason to avoid them. It's a reason to check the scopes before you ship. Pair that with the boring stuff that never goes away: patch known CVEs, check your lockfile after a supply chain incident, and grep your repo for secrets before launch day, not after.
Find your gaps before an attacker does.
Is My Site Hackable? scans your deployed app for the exact issues in this article — exposed keys, missing RLS, open buckets — and tells you what's real and what's a false alarm.
Run a free scan →