Is there a public PoC exploit available for CVE-2026-7723?

Yes, a public proof-of-concept exploit is available for CVE-2026-7723. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-7723?

Yes, a patch is available for CVE-2026-7723. Update the affected software to the latest version immediately.

Prefect CVE-2026-7723

Q: What is the CVSS score of CVE-2026-7723?

CVE-2026-7723 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26877 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-05-04 VulDB

Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:18 vuln.today

Public exploit code

Source Code Evidence Fetched

May 04, 2026 - 03:30 vuln.today

Analysis Generated

May 04, 2026 - 03:30 vuln.today

Severity Changed

May 04, 2026 - 03:22 NVD

HIGH MEDIUM

CVSS changed

May 04, 2026 - 03:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

EUVD ID Assigned

May 04, 2026 - 03:00 euvd

EUVD-2026-26877

Analysis Generated

May 04, 2026 - 03:00 vuln.today

Patch released

May 04, 2026 - 03:00 nvd

Patch available

CVE Published

May 04, 2026 - 02:30 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 3.6.14 is able to address this issue. This patch is called 0d3ab3c2d3f9f98abfafdf7b9f6d4f8ed3925e40. It is recommended to upgrade the affected component.

AnalysisAI

Authentication bypass in Prefect WebSocket endpoint /api/events/in allows unauthenticated remote attackers to send events without valid credentials in versions up to 3.6.13. The vulnerability exploits missing authentication validation on the WebSocket connection handshake, allowing attackers to interact with the events API when authentication is configured. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7723 vulnerability details – vuln.today

Back

Prefect CVE-2026-7723

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Prefect CVE-2026-7723

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code