CVE-2026-7725: Argument Injection in PrefectHQ prefect
CVE-2026-7725 is a medium severity vulnerability in PrefectHQ prefect versions up to 3.6.25.dev6. It involves argument injection through manipulation of the commit_sha or directories arguments in the GitRepository Pull Handler component. The vulnerability can be exploited remotely without user interaction. An exploit has been publicly disclosed. Upgrading to version 3.6.25.
AI Analysis
Technical Summary
This vulnerability affects the GitRepository Pull Handler in PrefectHQ prefect up to version 3.6.25.dev6, where improper handling of the commit_sha or directories arguments allows an attacker to perform argument injection. This can be triggered remotely and may lead to unintended command or code execution within the affected component. The issue is fixed in version 3.6.25.dev7, with the patch identified by commit 6a9d9918716ce4ee0297b69f3046f7067ef1faae.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to inject arguments remotely, potentially leading to unauthorized actions or code execution within the affected component. The CVSS 4.0 base score is 5.3, indicating a medium impact with network attack vector, low complexity, no privileges required, and no user interaction needed. Confidentiality, integrity, and availability impacts are rated low.
Mitigation Recommendations
A fix is available by upgrading PrefectHQ prefect to version 3.6.25.dev7, which addresses this argument injection vulnerability. It is strongly recommended to apply this upgrade to mitigate the risk. No other vendor advisory or temporary mitigations are provided.
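The hardening pattern the analysis points at, as an added illustration that is not Prefect's own code or the fix in the referenced commit: validate commit_sha and directories before they reach git, and end git's option parsing with `--` so a value can only ever be an operand. The validation rules, function names and the git subcommands used are assumptions for this example.

```python
import re
import subprocess
from typing import Iterable

# Constructed rules for this illustration; Prefect's own validation may differ.
# A git object id is hex only, so an option-looking value can never pass.
_SHA_RE = re.compile(r"[0-9a-fA-F]{7,40}")
# Relative path segments only: no leading '-', no absolute paths.
_DIR_RE = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._/\-]*")


def is_valid_commit_sha(value: str) -> bool:
    """True only for an abbreviated or full hex SHA-1 object id."""
    return bool(_SHA_RE.fullmatch(value))


def is_valid_directory(value: str) -> bool:
    """True for a relative path that git cannot read as an option and that
    cannot climb out of the checkout."""
    if not _DIR_RE.fullmatch(value):
        return False
    return ".." not in value.split("/")


def build_git_argv(commit_sha: str, directories: Iterable[str]):
    """Build argv for the assumed checkout and sparse-checkout steps.

    Inputs are validated first; '--' then terminates option parsing so even a
    value that slipped through would be treated as an operand, not a flag.
    """
    if not is_valid_commit_sha(commit_sha):
        raise ValueError(f"rejected commit_sha: {commit_sha!r}")
    dirs = list(directories)
    bad = [d for d in dirs if not is_valid_directory(d)]
    if bad:
        raise ValueError(f"rejected directories: {bad!r}")
    checkout = ["git", "checkout", commit_sha, "--"]
    sparse = ["git", "sparse-checkout", "set", "--", *dirs]
    return checkout, sparse


def run_git(argv: list, repo_dir: str) -> None:
    """Run one git command as an argv list (shell=False). This blocks shell
    metacharacter injection but not argument injection, which is why the
    validation and '--' above are still required."""
    subprocess.run(argv, cwd=repo_dir, check=True)


if __name__ == "__main__":
    # Constructed sample input: the patch commit from this advisory and one directory.
    print(build_git_argv("6a9d9918716ce4ee0297b69f3046f7067ef1faae", ["flows"]))
```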
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-05-03T09:18:22.828Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f81ef8cbff5d8610b05bdb
Added to database: 5/4/2026, 4:22:16 AM
Last enriched: 5/4/2026, 4:36:37 AM
Last updated: 5/4/2026, 5:31:48 AM