Description
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 can resolve this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PrefectHQ prefect releases a vulnerability affecting versions up to 3.6.25.dev6, where manipulation of the commit_sha and directories arguments in the GitRepository Pull handler can lead to argument injection. The injection can be triggered remotely and an exploit is publicly available, allowing an attacker to execute arbitrary commands on the system. The vendor has released a patch as part of version 3.6.25.dev7 to mitigate this issue.

Affected Systems

PrefectHQ prefect product versions up to and including 3.6.25.dev6 are susceptible. The issue is fixed in version 3.6.25.dev7 and later releases. The vulnerability specifically targets the GitRepository Pull feature in the Prefect runner storage module.

Risk and Exploitability

The CVSS score of 5.3 denotes moderate severity. The EPSS score is below 1%, indicating a low probability of exploitation in the current environment, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, the attack vector appears to be remote through the Git repository pull operation, enabling an attacker to trigger argument injection and potentially execute arbitrary code.

Generated by OpenCVE AI on May 4, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PrefectHQ prefect to version 3.6.25.dev7 or later to apply the official fix.
  • If an upgrade cannot be performed immediately, block or restrict external GitRepository Pull access until the patch can be applied.
  • Monitor Prefect service logs for unexpected commands or directory changes and investigate any anomalous activity.

Generated by OpenCVE AI on May 4, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 21:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 can resolve this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component. A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 can resolve this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Mon, 04 May 2026 04:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 can resolve this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component.
Title PrefectHQ prefect GitRepository Pull storage.py argument injection
First Time appeared Prefect
Prefect prefect
Weaknesses CWE-74
CWE-88
CPEs cpe:2.3:a:prefect:prefect:*:*:*:*:*:*:*:*
Vendors & Products Prefect
Prefect prefect
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Prefect Prefect
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T21:18:10.944Z

Reserved: 2026-05-03T09:18:22.828Z

Link: CVE-2026-7725

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-04T05:16:00.577

Modified: 2026-05-04T22:16:20.207

Link: CVE-2026-7725

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T22:30:09Z

Weaknesses