๐Ÿ” CVE Alert

CVE-2026-3515

HIGH 8.5

Argument Injection in prefecthq/prefect

CVSS Score
8.5
EPSS Score
0.1%
EPSS Percentile
26th

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` value is interpolated directly into a `git clone` command string without sanitization, and that string is then tokenized with `shlex.split()`, so whitespace or a leading dash in the reference yields extra argv tokens that git parses as options. Injecting options such as `-c` can lead to Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and Bitbucket integrations, which build the command as an argument list rather than a string, so a single field value can never become more than one argv element.
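The pattern described above, as an added illustration (not Prefect's own code, and not the exact lines from `repository.py`): a string-built `git clone` command tokenized with `shlex.split()` beside a list-based construction of the kind the advisory credits the GitLab and Bitbucket integrations with. The function names, the `REPO_URL` constant, and the hostile `reference` values are this example's own constructed inputs; the `-b <ref>` template is modeled on the description, not copied from the project.

```python
"""CWE-88 argument injection via a string-built git command, with a list-based fix.
Example code added to this page; not Prefect's code. Names and inputs are constructed."""
import shlex
from typing import List

# Constructed example inputs (not taken from the advisory or the project).
REPO_URL = "https://github.com/example-org/example-repo"
BENIGN_REF = "release/2026.05"
# Attacker-controlled `reference`: the embedded whitespace lets shlex.split() turn
# the tail into separate argv tokens, and `-c key=value` is a `git clone` option.
HOSTILE_REF = "main -c core.sshCommand=/tmp/evil.sh"

# Options that the clone template itself is allowed to emit.
TEMPLATE_OPTIONS = ("-b", "--branch", "--depth", "--")


def build_clone_argv_vulnerable(repository: str, reference: str) -> List[str]:
    """Vulnerable pattern: interpolate the reference into a command *string* and
    tokenize it afterwards. Nothing stops `reference` from carrying whitespace,
    so one field can contribute any number of extra argv tokens."""
    cmd = f"git clone {repository}"
    if reference:
        cmd += f" -b {reference}"
    cmd += " --depth 1"
    return shlex.split(cmd)


def is_safe_reference(reference: str) -> bool:
    """Allow-list check for a git reference used as an option value: no leading
    dash (would read as an option) and no whitespace (would split into tokens).
    Deliberately stricter than git's own ref-name rules."""
    return bool(reference) and not reference.startswith("-") and not any(
        ch.isspace() for ch in reference
    )


def build_clone_argv_hardened(repository: str, reference: str) -> List[str]:
    """Hardened pattern: argv is a list with exactly one value per element, the
    reference is bound to its option with '=' so git can never see it as a
    separate token, suspicious references are rejected up front, and `--` ends
    option parsing so the repository URL cannot be read as an option either."""
    if reference and not is_safe_reference(reference):
        raise ValueError(f"refusing suspicious git reference: {reference!r}")
    argv = ["git", "clone"]
    if reference:
        argv.append(f"--branch={reference}")
    argv += ["--depth", "1", "--", repository]
    return argv


def injected_option_tokens(argv: List[str]) -> List[str]:
    """Detection helper: tokens after `git clone` that look like options but are
    not ones the template emits. A non-empty result means an injection got through."""
    return [
        tok for tok in argv[2:]
        if tok.startswith("-") and tok.split("=", 1)[0] not in TEMPLATE_OPTIONS
    ]


if __name__ == "__main__":
    bad = build_clone_argv_vulnerable(REPO_URL, HOSTILE_REF)
    print("vulnerable argv:", bad)
    print("injected options:", injected_option_tokens(bad))
    print("hardened argv:", build_clone_argv_hardened(REPO_URL, BENIGN_REF))
    try:
        build_clone_argv_hardened(REPO_URL, HOSTILE_REF)
    except ValueError as exc:
        print("hardened rejects:", exc)
```

With the hostile reference, the vulnerable builder yields `... -b main -c core.sshCommand=/tmp/evil.sh ...`, where `-c` is its own argv element and git treats it as a configuration option; the hardened builder raises before any command is assembled. Binding the value as `--branch=<ref>` relies on git's long-option syntax accepting the `=` form, which it does; the `is_safe_reference` rule is the part that matters if a project must keep `-b` and the reference as two list elements, since a list alone does not stop a reference that starts with a dash.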

CWE CWE-88
Vendor prefecthq
Product prefecthq/prefect
Published May 24, 2026
Last Updated May 26, 2026

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Affected Versions

prefecthq / prefecthq/prefect
unspecified ≤ latest

References

NVD · CVE.org · EPSS Data
huntr.com: https://huntr.com/bounties/f3b048b8-7f4e-45ef-a5a7-cb841c39acde