CVE-2026-5366
Status: Received (Intake)
Remote Code Execution in Prefect 3.6.23

Publication date: 2026-06-20

Last updated on: 2026-06-20

Assigner: huntr.dev

Description
Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter is passed to git commands without validation and without a preceding `--` separator, so git cannot tell user input from its own flags. An attacker can therefore supply a value such as `--upload-pack=<program>`, which git parses as an option and which makes it run an attacker-chosen program. The `directories` parameter is affected in the same way: its values can inject git flags during sparse-checkout operations. Together these flaws let any user with deployment creation permissions execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.
Meta Information
Generated: 2026-06-20
AI Q&A: 2026-06-20
EPSS evaluated: N/A
Affected Vendors & Products
Vendor   Product   Version / Range
prefect  prefect   3.6.23
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Quick Actions
Executive Summary

Prefect version 3.6.23 has a vulnerability in its GitRepository storage class that allows remote code execution. This happens because the commit_sha parameter, which is used in git commands, does not properly validate user input and lacks a separator to distinguish user input from git flags. Attackers can exploit this by injecting arbitrary git flags, such as --upload-pack, which can lead to execution of external programs.

Additionally, the directories parameter can be exploited to inject git flags during sparse-checkout operations. These issues allow any user with deployment creation permissions to execute arbitrary commands on worker machines.

This vulnerability is especially dangerous in multi-tenant environments where shared work pools can be compromised.
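The mechanism described above and in the Description is argument injection (a user value parsed as a git option, CWE-88 in MITRE's terms, although the page records CWE-94). The following Python is an added example written for this page, not Prefect's `GitRepository` code: the command shapes `git fetch origin <sha>` and `git sparse-checkout set <dirs>` are assumed for illustration, and the allowlist rules are this example's own. It only builds argv lists and never runs git, so it runs offline. The hardened variants show the two controls the advisory implies: an allowlist on each value, with `--` (git's end-of-options marker) as defence in depth behind it.

```python
"""Illustration of the flaw class behind CVE-2026-5366 and one hardened form.

Added example, not Prefect's GitRepository code. The command shapes
(`git fetch origin <sha>`, `git sparse-checkout set <dirs>`) are assumed for
illustration. Functions only build argv lists; nothing is executed.
"""
import re
from typing import Callable, List

# Allowlist for a full or abbreviated hex object id (assumption: 7..40 hex chars).
_COMMIT_SHA_RE = re.compile(r"[0-9a-fA-F]{7,40}")

# Allowlist for one path segment of a sparse-checkout directory (assumption).
_SEGMENT_RE = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._-]*")


def is_git_flag(arg: str) -> bool:
    """git's option parser treats an argument beginning with '-' as an option
    unless a preceding '--' has already ended option parsing."""
    return arg.startswith("-")


# --- vulnerable shape, as the advisory describes it ---------------------------

def fetch_argv_unsafe(commit_sha: str) -> List[str]:
    """User value placed straight after the positional args: no validation,
    no '--'. A value like '--upload-pack=/tmp/evil.sh' is read as an option."""
    return ["git", "fetch", "origin", commit_sha]


def sparse_checkout_argv_unsafe(directories: List[str]) -> List[str]:
    """Same defect for the directories list."""
    return ["git", "sparse-checkout", "set", *directories]


# --- hardened shape -----------------------------------------------------------

def validate_commit_sha(commit_sha: str) -> str:
    """Allowlist check: only a hex object id passes, so '--...' cannot."""
    if not _COMMIT_SHA_RE.fullmatch(commit_sha):
        raise ValueError(f"commit_sha must be a hex object id, got {commit_sha!r}")
    return commit_sha.lower()


def validate_directory(path: str) -> str:
    """Relative path of plain segments: no leading '-', no '..', no absolute
    path, no control characters; a trailing '/' is dropped."""
    if any(ch in path for ch in "\x00\n\r"):
        raise ValueError("directory contains a control character")
    if path.startswith(("/", "-")):
        raise ValueError(f"directory must be relative and not flag-like: {path!r}")
    segments = path.rstrip("/").split("/")
    for seg in segments:
        if seg in ("", ".", "..") or not _SEGMENT_RE.fullmatch(seg):
            raise ValueError(f"bad path segment in {path!r}: {seg!r}")
    return "/".join(segments)


def fetch_argv_safe(commit_sha: str) -> List[str]:
    sha = validate_commit_sha(commit_sha)
    # '--' ends option parsing: defence in depth behind the allowlist.
    return ["git", "fetch", "origin", "--", sha]


def sparse_checkout_argv_safe(directories: List[str]) -> List[str]:
    if not directories:
        raise ValueError("at least one directory is required")
    dirs = [validate_directory(d) for d in directories]
    return ["git", "sparse-checkout", "set", "--", *dirs]


def rejected(builder: Callable[..., List[str]], *args) -> bool:
    """True when BUILDER refuses ARGS with ValueError (helper for checks)."""
    try:
        builder(*args)
    except ValueError:
        return True
    return False


def injected_flags(argv: List[str]) -> List[str]:
    """Arguments git would parse as options: every flag-like value after the
    subcommand and before any '--'."""
    found = []
    for arg in argv[2:]:  # skip 'git' and the subcommand
        if arg == "--":
            break
        if is_git_flag(arg):
            found.append(arg)
    return found


if __name__ == "__main__":
    # Constructed attacker inputs for the demonstration; any flag-like value works.
    evil_sha = "--upload-pack=/tmp/evil.sh"
    evil_dirs = ["src", "--no-cone"]
    print("unsafe fetch :", fetch_argv_unsafe(evil_sha),
          "-> parsed as flags:", injected_flags(fetch_argv_unsafe(evil_sha)))
    print("unsafe sparse:", sparse_checkout_argv_unsafe(evil_dirs),
          "-> parsed as flags:", injected_flags(sparse_checkout_argv_unsafe(evil_dirs)))
    print("safe fetch   :", fetch_argv_safe("deadbeefcafe"))
    print("safe sparse  :", sparse_checkout_argv_safe(["src/flows", "configs/"]))
    print("evil sha rejected :", rejected(fetch_argv_safe, evil_sha))
    print("evil dirs rejected:", rejected(sparse_checkout_argv_safe, evil_dirs))
```

The allowlist is the primary control: a denylist of known flags would miss new git options and values such as `-C` that take effect before any `--`. When auditing a code base for this class, `injected_flags` shows the check to apply to each constructed argv: any flag-like value that originates from a caller and sits before the `--` is a finding.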

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on worker machines. An attacker with deployment creation permissions can run arbitrary commands, potentially leading to full compromise of the affected systems.

In multi-tenant environments, this can compromise shared work pools, affecting multiple users or tenants.

The vulnerability carries a critical severity score (CVSS 9.9), reflecting full impact on confidentiality, integrity, and availability.

Compliance Impact

The vulnerability allows attackers with deployment creation permissions to execute code on worker machines, giving them unauthorized access to and control over those hosts, including shared work pools in multi-tenant environments.

Such access can breach the confidentiality, integrity and availability of data processed by those workers, which are core requirements of standards such as GDPR and HIPAA.

Exploitation could therefore result in reportable data breaches and a failure to protect sensitive information, and so in non-compliance with those regulations.
