Skip to main content

Prefect

5 CVEs product

Monthly

CVE-2026-7725 PyPI LOW POC PATCH Monitor

Argument injection in Prefect up to 3.6.25.dev6 allows authenticated attackers to execute arbitrary git commands via specially crafted commit_sha or directories parameters in the GitRepository Pull Handler (src/prefect/runner/storage.py). An attacker can inject git flags like --upload-pack or --config to achieve remote code execution with the privileges of the Prefect runner process. Publicly available exploit code exists, and the vendor has released a patched version (3.6.25.dev7) that validates commit SHA format and adds command-line argument separators to block injection.

Code Injection Prefect
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7724 PyPI LOW POC PATCH Monitor

Time-of-check time-of-use (TOCTOU) vulnerability in Prefect's validate_restricted_url function allows remote attackers with low privileges to bypass Server-Side Request Forgery (SSRF) protections via DNS rebinding attacks during webhook and notification delivery. Publicly available exploit code exists. The vulnerability affects Prefect versions up to 3.6.28.dev1 and is fixed in 3.6.28.dev2.

Information Disclosure Prefect
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-7723 PyPI MEDIUM POC PATCH This Month

Authentication bypass in Prefect WebSocket endpoint /api/events/in allows unauthenticated remote attackers to send events without valid credentials in versions up to 3.6.13. The vulnerability exploits missing authentication validation on the WebSocket connection handshake, allowing attackers to interact with the events API when authentication is configured. A publicly available exploit exists; vendor patch version 3.6.14 addresses this by implementing mandatory subprotocol-based authentication handshake.

Authentication Bypass Prefect
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-7722 PyPI MEDIUM POC PATCH This Month

Authentication bypass in Prefect up to version 3.6.21 allows remote unauthenticated attackers to access the Health Check API endpoint by manipulating the request path suffix matching logic. The vulnerability affects the /api/health endpoint's improper authentication validation using the endswith() function, enabling attackers to craft requests that bypass authentication checks. Publicly available exploit code exists and the vendor has released patch version 3.6.22.

Authentication Bypass Prefect
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2023-6022 PyPI HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Prefect
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Argument injection in Prefect up to 3.6.25.dev6 allows authenticated attackers to execute arbitrary git commands via specially crafted commit_sha or directories parameters in the GitRepository Pull Handler (src/prefect/runner/storage.py). An attacker can inject git flags like --upload-pack or --config to achieve remote code execution with the privileges of the Prefect runner process. Publicly available exploit code exists, and the vendor has released a patched version (3.6.25.dev7) that validates commit SHA format and adds command-line argument separators to block injection.

Code Injection Prefect
NVD GitHub VulDB
EPSS 0% CVSS 1.3
LOW POC PATCH Monitor

Time-of-check time-of-use (TOCTOU) vulnerability in Prefect's validate_restricted_url function allows remote attackers with low privileges to bypass Server-Side Request Forgery (SSRF) protections via DNS rebinding attacks during webhook and notification delivery. Publicly available exploit code exists. The vulnerability affects Prefect versions up to 3.6.28.dev1 and is fixed in 3.6.28.dev2.

Information Disclosure Prefect
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Authentication bypass in Prefect WebSocket endpoint /api/events/in allows unauthenticated remote attackers to send events without valid credentials in versions up to 3.6.13. The vulnerability exploits missing authentication validation on the WebSocket connection handshake, allowing attackers to interact with the events API when authentication is configured. A publicly available exploit exists; vendor patch version 3.6.14 addresses this by implementing mandatory subprotocol-based authentication handshake.

Authentication Bypass Prefect
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Authentication bypass in Prefect up to version 3.6.21 allows remote unauthenticated attackers to access the Health Check API endpoint by manipulating the request path suffix matching logic. The vulnerability affects the /api/health endpoint's improper authentication validation using the endswith() function, enabling attackers to craft requests that bypass authentication checks. Publicly available exploit code exists and the vendor has released patch version 3.6.22.

Authentication Bypass Prefect
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Prefect
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy