CVE-2026-5366

Name of the Vulnerable Software and Affected Versions Prefect version 3.6.23

Description Remote code execution is possible due to improper handling of user-controlled input within the GitRepository storage class. The commit sha parameter is passed to git commands without validation or the use of a -- separator to distinguish user input from git flags. This allows the injection of arbitrary git flags, such as --upload-pack, to execute external programs. Furthermore, the directories parameter can be exploited to inject git flags during sparse-checkout operations. Users with deployment creation permissions can leverage these flaws to execute arbitrary commands on worker machines, which may compromise shared work pools in multi-tenant environments.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.