Is there a public PoC exploit available for CVE-2026-7722?

Yes, a public proof-of-concept exploit is available for CVE-2026-7722. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-7722?

Yes, a patch is available for CVE-2026-7722. Update the affected software to the latest version immediately.

Prefect CVE-2026-7722

Q: What is the CVSS score of CVE-2026-7722?

CVE-2026-7722 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26875 MEDIUM

Improper Authentication (CWE-287)

2026-05-04 VulDB

Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:18 vuln.today

Public exploit code

Source Code Evidence Fetched

May 04, 2026 - 03:30 vuln.today

Analysis Generated

May 04, 2026 - 03:30 vuln.today

CVSS changed

May 04, 2026 - 03:22 NVD

5.3 (MEDIUM) 5.5 (MEDIUM)

EUVD ID Assigned

May 04, 2026 - 03:00 euvd

EUVD-2026-26875

Analysis Generated

May 04, 2026 - 03:00 vuln.today

Patch released

May 04, 2026 - 03:00 nvd

Patch available

CVE Published

May 04, 2026 - 02:15 nvd

MEDIUM 5.5

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

2 pypi packages depend on prefect (2 direct, 1 indirect)

Ecosystem-wide dependent count for version 3.6.22.

DescriptionNVD

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and may be used. Upgrading to version 3.6.22 will fix this issue. Upgrading the affected component is recommended.

AnalysisAI

Authentication bypass in Prefect up to version 3.6.21 allows remote unauthenticated attackers to access the Health Check API endpoint by manipulating the request path suffix matching logic. The vulnerability affects the /api/health endpoint's improper authentication validation using the endswith() function, enabling attackers to craft requests that bypass authentication checks. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7722 vulnerability details – vuln.today

Back

Prefect CVE-2026-7722

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Prefect CVE-2026-7722

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code