
5 matches found

EUVD
added yesterday, 8 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9 CVSS, 8.2 AI score
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:21 p.m., 8 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5 CVSS, 7.2 AI score, 0.00395 EPSS
Exploits 1, References 1
vulnersOsv
added 2026/05/04 3:31 a.m., 2 views

abm-colony-collection (>=0.1.0 <=0.5.0), abm-initialization-collection (>=0.1.0 <=0.7.0) +108 more potentially affected by CVE-2026-7724 via prefect (>=0.9.2 <=3.6.22)

prefect PYPI version =0.9.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.16.0, =0.0.126, =0.1.0, =1.0.4, =3.4.0, =0.4.0b0, =0.1.11, =0.1.0, =0.5.0 and more Source cves: CVE-2026-7724 Source advisory: OSV:GHSA-P3PQ-HXMR-VQQR...

5 CVSS, 5.7 AI score, 0.0025 EPSS
Exploits 0
RedhatCVE
added 2025/03/22 11:13 a.m., 5 views

CVE-2024-8183

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and...

7.6 CVSS, 6.7 AI score, 0.00163 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/03/20 12:0 a.m., 5 views

PT-2025-12222

Name of the Vulnerable Software and Affected Versions: prefecthq/prefect version 2.20.2. Description: A CORS (Cross-Origin Resource Sharing) misconfiguration allows unauthorized domains to access sensitive data, potentially leading to unauthorized access to the database. This can result in data leaks,...

7.6 CVSS, 7.2 AI score, 0.00163 EPSS
Exploits 0, References 11