CVE-2026-7723

🗓️ 04 May 2026 02:30:18Reported by VulDBType

CVE-2026-7723 in PrefectHQ WebSocket endpoint allows missing authentication via remote access; upgrade to 3.6.14.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-7723	4 May 202602:30	–	attackerkb
Circl	CVE-2026-7723	4 May 202607:01	–	circl
CNNVD	Prefect 授权问题漏洞	4 May 202600:00	–	cnnvd
Cvelist	CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication	4 May 202602:30	–	cvelist
EUVD	EUVD-2026-26877	4 May 202602:30	–	euvd
Github Security Blog	Prefect Unauthenticated Event Injection via /api/events/in WebSocket	4 May 202603:31	–	github
NVD	CVE-2026-7723	4 May 202603:16	–	nvd
OSV	GHSA-HVPH-5985-R63V Prefect Unauthenticated Event Injection via /api/events/in WebSocket	4 May 202603:31	–	osv
Positive Technologies	PT-2026-36753	4 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-7723	5 Jun 202619:39	–	redhatcve

Vulners

Node

prefecthq prefectMatch3.6.0

prefecthq prefectMatch3.6.1

prefecthq prefectMatch3.6.2

prefecthq prefectMatch3.6.3

prefecthq prefectMatch3.6.4

prefecthq prefectMatch3.6.5

prefecthq prefectMatch3.6.6

prefecthq prefectMatch3.6.7

prefecthq prefectMatch3.6.8

prefecthq prefectMatch3.6.9

prefecthq prefectMatch3.6.10

prefecthq prefectMatch3.6.11

prefecthq prefectMatch3.6.12

prefecthq prefectMatch3.6.13

[
  {
    "vendor": "PrefectHQ",
    "product": "prefect",
    "versions": [
      {
        "version": "3.6.0",
        "status": "affected"
      },
      {
        "version": "3.6.1",
        "status": "affected"
      },
      {
        "version": "3.6.2",
        "status": "affected"
      },
      {
        "version": "3.6.3",
        "status": "affected"
      },
      {
        "version": "3.6.4",
        "status": "affected"
      },
      {
        "version": "3.6.5",
        "status": "affected"
      },
      {
        "version": "3.6.6",
        "status": "affected"
      },
      {
        "version": "3.6.7",
        "status": "affected"
      },
      {
        "version": "3.6.8",
        "status": "affected"
      },
      {
        "version": "3.6.9",
        "status": "affected"
      },
      {
        "version": "3.6.10",
        "status": "affected"
      },
      {
        "version": "3.6.11",
        "status": "affected"
      },
      {
        "version": "3.6.12",
        "status": "affected"
      },
      {
        "version": "3.6.13",
        "status": "affected"
      },
      {
        "version": "3.6.14",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:prefect:prefect:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "WebSocket Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/807256
gist	www.gist.github.com/nedlir/f1ab8aa038aafbcc6beeef21fab1d74f
vuldb	www.vuldb.com/vuln/360899
github	www.github.com/PrefectHQ/prefect/pull/20372
github	www.github.com/PrefectHQ/prefect/commit/f8afecadf88ea5f73694dafa3a365b9d8fae1ad6
github	www.github.com/PrefectHQ/prefect/
github	www.github.com/PrefectHQ/prefect/releases/tag/3.6.14
vuldb	www.vuldb.com/vuln/360899/cti

04 May 2026 22:16Current

6.5Medium risk

Vulners AI Score6.5

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3

EPSS0.00147

SSVC