CVE-2026-7725
Deferred - Pending Action
Git Repository Pull Handler Argument Injection in PrefectHQ

Publication date: 2026-05-04

Last updated on: 2026-05-05

Assigner: VulDB

Description
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 can resolve this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Meta Information
Published: 2026-05-04
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: prefecthq
Product: prefect
Version / Range: up to 3.6.25.dev6 (inclusive)
CWE
CWE-88: The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CWE-74: The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-7725 is a git argument injection vulnerability in the PrefectHQ prefect repository affecting the GitRepository pull steps. The vulnerability arises because user-controlled inputs, specifically the commit_sha and directories values, were passed directly as positional arguments to git subprocess commands without validation, so a value beginning with '-' is parsed by git as a command-line option rather than as an operand. This allowed attackers to inject git command flags remotely, potentially leading to remote code execution on worker machines processing deployments.

The vulnerability was fixed by adding input validation to ensure commit_sha values are valid hexadecimal strings between 4 and 64 characters, rejecting flag injection attempts. Additionally, a double dash (`--`) separator was introduced in git commands to prevent directory names starting with `--` from being interpreted as command-line options, mitigating path injection risks.


How can this vulnerability impact me?

This vulnerability can impact you by allowing a remote attacker to execute arbitrary commands on the worker machines that process deployments using Prefect's GitRepository pull functionality. By injecting malicious git command flags through the commit_sha or directory arguments, an attacker could gain unauthorized control or cause unintended actions on your systems.

Such remote code execution risks can lead to system compromise, data breaches, or disruption of workflow orchestration processes.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves argument injection via the commit_sha and directories parameters in GitRepository pull steps, which can lead to remote code execution. Detection can focus on identifying suspicious or malformed commit_sha values or directory names that start with '--' which are used to inject commands.

You can monitor logs or intercept git commands executed by Prefect workers to check for commit_sha values that do not match the expected hexadecimal pattern (4-64 characters) or directory names starting with '--'.

Example commands to detect suspicious usage might include:

  • Checking git commands in logs for commit_sha values containing unexpected flags or shell commands, e.g., grep for '--upload-pack' or other suspicious strings.
  • Validating commit_sha values with a regex pattern to ensure they are hexadecimal strings of length 4 to 64 characters, e.g., using grep or a script: `grep -E '^[0-9a-fA-F]{4,64}$'`.
  • Searching for directory names starting with '--' in configuration or runtime parameters to detect potential injection attempts.
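The checks listed above, carried out in code as an added example for this page (not Prefect's code and not derived from the patch): one scanner pulls the git argv out of worker log lines and flags dangerous option tokens that appear before a `--` separator, the other walks a deployment's pull-step configuration and reports commit_sha values that are not 4-64 hex characters or directory entries that start with `--`. The log lines and the pull-step dictionaries are constructed samples, the `git_clone` key is a stand-in for whatever the real step is called, and the option list extends the page's `--upload-pack` with other git options that hand git a command to run.

```python
import re
import shlex
from typing import Any, Optional

# Validation rule described on this page: a commit_sha must be 4 to 64 hex characters.
COMMIT_SHA_RE = re.compile(r"^[0-9a-fA-F]{4,64}$")

# git options that make git run an attacker-chosen command. '--upload-pack' is the
# one named on this page; the others are an assumed extension of that list.
DANGEROUS_GIT_OPTIONS = ("--upload-pack", "--receive-pack", "--config", "-c")

# Constructed sample worker log lines (not real Prefect output).
SAMPLE_LOG_LINES = [
    "2026-05-04 10:00:01 INFO worker: running git clone https://git.example/org/flows.git /tmp/flows",
    "2026-05-04 10:00:02 INFO worker: running git checkout 9fceb02d0ae598e95dc970b74767f19372d61af8",
    "2026-05-04 10:00:03 INFO worker: running git fetch origin --upload-pack=/tmp/pwn",
    "2026-05-04 10:00:04 INFO worker: running git checkout deadbeef -- --not-an-option",
    "2026-05-04 10:00:05 INFO worker: flow run started",
]

# Constructed pull-step configuration; 'git_clone' is a stand-in key, not necessarily
# the real step name in a Prefect deployment.
SAMPLE_PULL_STEPS = [
    {"git_clone": {"repository": "https://git.example/org/flows.git",
                   "commit_sha": "9fceb02d0ae598e95dc970b74767f19372d61af8",
                   "directories": ["flows", "--exec=evil"]}},
    {"git_clone": {"repository": "https://git.example/org/other.git",
                   "commit_sha": "--upload-pack=/tmp/pwn"}},
]


def git_argv_from_line(line: str) -> Optional[list]:
    """Return the git argv embedded in a log line, or None if the line runs no git command."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes in the log line
        return None
    for i, tok in enumerate(tokens):
        if tok == "git" or tok.endswith("/git"):
            return tokens[i:]
    return None


def suspicious_tokens(argv: list) -> list:
    """Dangerous option tokens in the part of argv that git parses as options (before '--')."""
    found = []
    for tok in argv[1:]:
        if tok == "--":  # everything after this is an operand, not an option
            break
        if tok.split("=", 1)[0] in DANGEROUS_GIT_OPTIONS:
            found.append(tok)
    return found


def scan_log_lines(lines) -> list:
    """(line number, suspicious tokens) for every logged git command that carries one."""
    hits = []
    for n, line in enumerate(lines, 1):
        argv = git_argv_from_line(line)
        if argv:
            bad = suspicious_tokens(argv)
            if bad:
                hits.append((n, bad))
    return hits


def scan_pull_config(obj: Any, path: str = "") -> list:
    """Walk nested config and report commit_sha values that are not 4-64 hex chars
    and 'directories' entries that start with '--'."""
    findings = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            p = f"{path}.{key}" if path else key
            if key == "commit_sha" and isinstance(value, str):
                if not COMMIT_SHA_RE.fullmatch(value):
                    findings.append(f"{p}: commit_sha {value!r} is not a 4-64 char hex string")
            elif key == "directories" and isinstance(value, list):
                for i, d in enumerate(value):
                    if isinstance(d, str) and d.startswith("--"):
                        findings.append(f"{p}[{i}]: directory {d!r} starts with '--'")
            else:
                findings.extend(scan_pull_config(value, p))
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            findings.extend(scan_pull_config(item, f"{path}[{i}]"))
    return findings


if __name__ == "__main__":
    for n, bad in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"log line {n}: {bad}")
    for finding in scan_pull_config(SAMPLE_PULL_STEPS):
        print(finding)
```

Only the fetch on line 3 is reported: the `--not-an-option` on line 4 sits after a `--` and is therefore an operand to git, which is exactly the distinction the patch relies on. The config walk does not need to know the step name, so it works on whatever nested structure the deployment export produces.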

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade PrefectHQ prefect to version 3.6.25.dev7 or later, which includes the patch that fixes this vulnerability.

The patch introduces input validation for commit_sha to ensure it matches a hexadecimal pattern and adds a '--' separator in git commands to prevent argument injection.

Additionally, review and sanitize any user-controlled inputs related to commit_sha and directory names to avoid injection of malicious flags or commands.

Monitor for warnings about directory names starting with '--' as the patched version emits UserWarnings to alert about suspicious directory names.
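The two fixes the page attributes to the patch (the hex check on commit_sha and the `--` separator before directory names), shown beside the unguarded form, as an added example written for this page. This is not the code in src/prefect/runner/storage.py: the `git checkout <sha> -- <paths>` shape is an illustrative stand-in for whatever commands Prefect actually runs, and the function names are chosen here.

```python
import re
import warnings

# The 4-64 hex-character rule this page says the patch enforces. The argv shapes
# below are illustrative stand-ins, not the commands in src/prefect/runner/storage.py.
COMMIT_SHA_RE = re.compile(r"^[0-9a-fA-F]{4,64}$")


class GitArgumentError(ValueError):
    """A value that git would parse as an option instead of an operand."""


def vulnerable_pull_argv(commit_sha: str, directories: list) -> list:
    """Pre-patch shape (assumed): untrusted values are placed straight into argv, so a
    commit_sha or directory beginning with '-' becomes a git option."""
    return ["git", "checkout", commit_sha, *directories]


def suspicious_directories(directories: list) -> list:
    """Directory names that would be read as options if they reached git before '--'."""
    return [d for d in directories if d.startswith("--")]


def hardened_pull_argv(commit_sha: str, directories: list) -> list:
    """Post-patch shape: reject non-hex commit_sha values and put '--' before the
    directories so git treats everything after it as a pathspec."""
    if not COMMIT_SHA_RE.fullmatch(commit_sha):
        raise GitArgumentError(f"commit_sha {commit_sha!r} is not 4-64 hex characters")
    for d in suspicious_directories(directories):
        # Mirrors the UserWarning the page says the patched version emits.
        warnings.warn(f"directory name {d!r} starts with '--'", UserWarning)
    return ["git", "checkout", commit_sha, "--", *directories]


def option_tokens(argv: list) -> list:
    """Dash-prefixed tokens git would parse as options: those before the first '--'."""
    opts = []
    for tok in argv[2:]:  # skip 'git' and the subcommand name
        if tok == "--":
            break
        if tok.startswith("-"):
            opts.append(tok)
    return opts


def rejects_commit_sha(commit_sha: str) -> bool:
    """True if the hardened builder refuses this commit_sha."""
    try:
        hardened_pull_argv(commit_sha, [])
    except GitArgumentError:
        return True
    return False


if __name__ == "__main__":
    injected = "--upload-pack=/tmp/pwn"
    print("vulnerable:", option_tokens(vulnerable_pull_argv(injected, ["flows"])))
    print("hardened rejects:", rejects_commit_sha(injected))
    print("hardened argv:", hardened_pull_argv("9fceb02d", ["--flows"]))
```

The separator alone does not cover commit_sha, because the revision has to precede `--` in the command; that is why the patch needs both the allowlist on commit_sha and the `--` for the directory operands. A directory that starts with `--` still reaches git in the hardened form, but only as a pathspec, which is why the page describes a warning rather than a rejection for that case.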

