Skip to main content

Prefect CVE-2026-7722

| EUVDEUVD-2026-26875 MEDIUM
Improper Authentication (CWE-287)
2026-05-04 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
PoC Detected
May 04, 2026 - 15:18 vuln.today
Public exploit code
Source Code Evidence Fetched
May 04, 2026 - 03:30 vuln.today
Analysis Generated
May 04, 2026 - 03:30 vuln.today
CVSS changed
May 04, 2026 - 03:22 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)
EUVD ID Assigned
May 04, 2026 - 03:00 euvd
EUVD-2026-26875
Analysis Generated
May 04, 2026 - 03:00 vuln.today
Patch released
May 04, 2026 - 03:00 nvd
Patch available
CVE Published
May 04, 2026 - 02:15 nvd
MEDIUM 5.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 pypi packages depend on prefect (2 direct, 1 indirect)

Ecosystem-wide dependent count for version 3.6.22.

DescriptionCVE.org

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and may be used. Upgrading to version 3.6.22 will fix this issue. Upgrading the affected component is recommended.

AnalysisAI

Authentication bypass in Prefect up to version 3.6.21 allows remote unauthenticated attackers to access the Health Check API endpoint by manipulating the request path suffix matching logic. The vulnerability affects the /api/health endpoint's improper authentication validation using the endswith() function, enabling attackers to craft requests that bypass authentication checks. Publicly available exploit code exists and the vendor has released patch version 3.6.22.

Technical ContextAI

Prefect's Health Check API middleware used suffix-based path matching via request.url.path.endswith(("health", "ready")) to exempt health probe requests from authentication. This implementation is vulnerable to two attack vectors: first, attacker-controlled paths ending in "health" or "ready" (e.g., /api/variables/name/system-health) would bypass authentication despite not being legitimate health endpoints; second, HTTP Host header manipulation could spoof the request.url.path value, allowing attackers to craft paths that appear to end with health/ready while accessing protected endpoints. The root cause is CWE-287 (Improper Authentication), stemming from reliance on URL suffix matching rather than exact path validation and trusting request.url.path which can be reconstructed from the Host header. The fix changes to exact path matching using scope["path"] (which is not spoofable) against a predefined set {/health, /ready}, eliminating both bypass vectors.

RemediationAI

Upgrade to Prefect version 3.6.22 or later immediately. The patched version replaces suffix-based path matching with exact path comparison against a whitelist of {/health, /ready} endpoints and uses scope["path"] instead of request.url.path to prevent Host header spoofing. For organizations unable to upgrade immediately, implement network-level access controls by restricting access to the /api/health and /api/ready endpoints to trusted health probe sources only (e.g., Kubernetes node IPs, monitoring infrastructure). This workaround requires identifying all legitimate health probe clients and maintaining firewall rules accordingly, with the trade-off that legitimate probes from unexpected sources will be blocked. Additionally, disable authentication exemption entirely by removing the PREFECT_SERVER_API_AUTH_STRING setting if health probes can be configured to provide credentials, though this may require changes to monitoring infrastructure. Patch availability is confirmed: vendor-released patch version 3.6.22 at https://github.com/PrefectHQ/prefect/releases/tag/3.6.22.

Share

CVE-2026-7722 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy