CVE-2026-5366
Published 2026-06-20
Priority: P267 · Severity: critical · CVSS 3.0 base score: 9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.57% (42.7th percentile)
Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter is passed to git commands without validation, and the invocation does not place a `--` separator in front of it to mark the end of options, so git cannot distinguish the user's value from a flag. An attacker can therefore inject arbitrary git flags, such as `--upload-pack`, which makes git execute an external program. The `directories` parameter can likewise be used to inject git flags during sparse-checkout operations. Any user with deployment creation permissions can use these flaws to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.
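The advisory describes two argv positions where a user-supplied value is parsed by git as an option. The following Python is an added illustration, not Prefect's code: it models a git-backed storage class that fetches a commit and then runs `git sparse-checkout set`, first in the flawed shape the advisory describes and then hardened with an allow-list on `commit_sha` and `directories` plus a `--` terminator before the user values. The function names, the remote URL and the sample inputs are all constructed; the one assumption about git is that its option parser stops at `--` for these subcommands, which parse-options-based commands such as `fetch` and `sparse-checkout` honour.

```python
import re
from pathlib import PurePosixPath

# Constructed example, not Prefect's own code.
# Hex object ids: 7+ chars abbreviated, 40 for SHA-1, 64 for SHA-256 repositories.
HEX_OBJECT_ID = re.compile(r"[0-9a-f]{7,64}")


def vulnerable_argv(remote_url: str, commit_sha: str, directories: list[str]) -> list[list[str]]:
    """Flawed construction: user input sits in positions git still scans for options.
    A commit_sha of '--upload-pack=/path/to/prog' makes `git fetch` run that program,
    and a directory name starting with '-' is parsed as a sparse-checkout option."""
    return [
        ["git", "fetch", "--depth", "1", remote_url, commit_sha],
        ["git", "sparse-checkout", "set", *directories],
    ]


def validate_directory(directory: str) -> str:
    """Accept only relative, non-flag-like, traversal-free POSIX paths."""
    path = PurePosixPath(directory)
    if (
        not directory
        or directory.startswith("-")
        or "\\" in directory
        or path.is_absolute()
        or ".." in path.parts
    ):
        raise ValueError(f"unsafe sparse-checkout directory {directory!r}")
    return str(path)


def hardened_argv(remote_url: str, commit_sha: str, directories: list[str]) -> list[list[str]]:
    """Validate first (primary control), then end option parsing with '--' (defence in depth)."""
    sha = commit_sha.strip().lower()
    if not HEX_OBJECT_ID.fullmatch(sha):
        raise ValueError(f"commit_sha must be a hex object id, got {commit_sha!r}")
    safe_dirs = [validate_directory(d) for d in directories]
    return [
        ["git", "fetch", "--depth", "1", "--", remote_url, sha],
        ["git", "sparse-checkout", "set", "--", *safe_dirs],
    ]


def injected_options(argv: list[str], user_values: list[str]) -> list[str]:
    """Audit helper: which user-supplied values land before any '--' and look like options.
    Use it in tests against every argv a storage class builds from request data."""
    scanned = argv[: argv.index("--")] if "--" in argv else argv
    return [v for v in user_values if v.startswith("-") and v in scanned]


if __name__ == "__main__":
    url = "https://git.example.invalid/org/flows.git"      # constructed
    evil_sha = "--upload-pack=/tmp/evil.sh"                  # constructed injection
    good_sha = "0123456789abcdef0123456789abcdef01234567"    # constructed
    for cmd in vulnerable_argv(url, evil_sha, ["--stdin"]):
        print("vulnerable:", cmd, "injected:", injected_options(cmd, [evil_sha, "--stdin"]))
    for cmd in hardened_argv(url, good_sha, ["flows/etl"]):
        print("hardened:  ", cmd)
    for bad in (evil_sha, good_sha):
        try:
            hardened_argv(url, bad, ["../etc"])
        except ValueError as e:
            print("rejected:  ", e)
```

Validation is the control that actually closes the hole; `--` alone would still let a value like `refs/heads/main` through where only an object id was expected, and a bare allow-list without `--` leaves the next unvalidated parameter exposed. Keep both, and run a check like `injected_options` over every argv built from request data in the test suite.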
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prefecthq | prefecthq_prefect | unspecified – latest | — |
VulDB
prefecthq prefect up to 3.6.23 commit_sha code injection (EUVD-2026-38128)
vuldb · 2026-06-20 · CVSS 9.9 · CVE-2026-5366 [CRITICAL]
A vulnerability was found in prefecthq prefect up to 3.6.23. It has been rated as critical. This affects an unknown part. Performing a manipulation of the argument commit_sha results in code injection.
This vulnerability is identified as CVE-2026-5366. The attack can be initiated remotely. No exploit is available.
It is suggested to install a patch to address this issue.
GHSA
Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class.
ghsa_unreviewed · 2026-06-20 · CWE-94 · CVE-2026-5366 [CRITICAL]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-20