Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,24 +1,52 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7pm4-56h2-5rxr",
"modified": "2026-06-20T18:31:29Z",
"modified": "2026-06-20T18:31:35Z",
"published": "2026-06-20T18:31:29Z",
"aliases": [
"CVE-2026-5366"
],
"details": "Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.",
"summary": "Git Flag Injection via commit_sha and directories Parameters Leading to Remote Code Execution (RCE)",
"details": "Prefect version <=3.6.24 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "prefect"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.25"
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "<= 3.6.24"
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5366"
},
{
"type": "PACKAGE",
"url": "https://github.com/prefecthq/prefect"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e2e88a0f-a8f6-49c9-94c5-e98dc385f07a"
Expand Down