They might be referring to another Vercel vulnerability that allowed anyone to bypass their auth with relative ease due to poor engineering practices:

https://nvd.nist.gov/vuln/detail/CVE-2025-29927

That plus the most recent react one, and you have a culture that does not care for their customers but rather chasing fads to help greedy careers.