CVE-2026-7722 PrefectHQ prefect Health Check API health endswith improper authentication

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

Prefect 授权问题漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to changes in those pipelines. Prefect versions 3.6.21 and earlier have a vulnerability related to authorization. This vulnerability stems from improper...

PT-2026-36752

Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.22 Description Improper authentication in the Health Check API allows a remote attacker to perform a manipulation. This issue specifically impacts the endswith function within the '/api/health' endpoint...

BIT-ELK-2024-43710 Kibana server-side request forgery

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/healthcheck API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried...

CVE-2024-43710 Kibana server-side request forgery

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/healthcheck API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried...