CVE-2026-3515
published 2026-05-24CVE-2026-3515: A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git…
PriorityP359high8.5CVSS 3.0
AVNACLPRLUINSCCHILAN
EPSS
0.30%
21.4th percentile
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prefecthq | prefecthq_prefect | 0 – 3.6.18 | — |
| prefecthq | prefecthq_prefect | unspecified – latest | — |
CVSS provenance
nvdv3.08.5HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
cvelistv5v3.08.5HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Prefect has an Argument Injection issue
ghsa·2026-05-26
CVE-2026-3515 [HIGH] CWE-88 Prefect has an Argument Injection issue
Prefect has an Argument Injection issue
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command con
GHSA
GHSA-cw25-2p92-7f75: A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3
ghsa_unreviewed·2026-05-26
CVE-2026-3515 [HIGH] CWE-88 GHSA-cw25-2p92-7f75: A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach.
CVEList
Argument Injection in prefecthq/prefect
cvelistv5·2026-05-24·CVSS 8.5
CVE-2026-3515 [HIGH] CWE-88 Argument Injection in prefecthq/prefect
Argument Injection in prefecthq/prefect
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command con
VulDB
prefecthq prefect up to 3.6.18 repository.py shlex.split reference argument injection
vuldb·2026-05-24
CVE-2026-3515 [CRITICAL] prefecthq prefect up to 3.6.18 repository.py shlex.split reference argument injection
A vulnerability identified as critical has been detected in prefecthq prefect up to 3.6.18. This affects the function shlex.split of the file src/integrations/prefect-github/prefect_github/repository.py. Performing a manipulation of the argument reference results in argument injection.
This vulnerability is reported as CVE-2026-3515. The attack is possible to be carried out remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-24
Published