Skip to main content

Prefecthq Prefect

2 CVEs product

Monthly

CVE-2026-5366 CRITICAL Act Now

Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.

RCE Code Injection Prefecthq Prefect
NVD VulDB
CVSS 3.0
9.9
EPSS
0.6%
CVE-2026-3514 PyPI HIGH PATCH GHSA This Week

Authentication bypass in prefecthq/prefect 3.6.19 allows remote unauthenticated attackers to access sensitive API endpoints by naming resources with paths ending in 'health' or 'ready', exploiting overly broad suffix-matching in the auth middleware exemption logic. Confirmed exploitable per the huntr.com bounty disclosure and validated by the upstream patch which replaces suffix matching with exact path comparison. No public exploit identified at time of analysis, and no EPSS or KEV signal is provided in the available data.

Authentication Bypass Prefecthq Prefect
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
EPSS 1% CVSS 9.9
CRITICAL Act Now

Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.

RCE Code Injection Prefecthq Prefect
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Authentication bypass in prefecthq/prefect 3.6.19 allows remote unauthenticated attackers to access sensitive API endpoints by naming resources with paths ending in 'health' or 'ready', exploiting overly broad suffix-matching in the auth middleware exemption logic. Confirmed exploitable per the huntr.com bounty disclosure and validated by the upstream patch which replaces suffix matching with exact path comparison. No public exploit identified at time of analysis, and no EPSS or KEV signal is provided in the available data.

Authentication Bypass Prefecthq Prefect
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy