CVE-2026-5366
Git Argument Injection in prefecthq/prefect
Description
Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.
INFO
Published Date :
June 20, 2026, 4:43 p.m.
Last Modified :
June 20, 2026, 4:43 p.m.
Remotely Exploit :
No
Source :
@huntr_ai
Affected Products
The following products are affected by CVE-2026-5366
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update Prefect to a secure version.
- Validate all user-supplied git parameters.
- Ensure git commands use proper argument separation.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-5366 vulnerability anywhere in the article.