CVE-2026-7722

MEDIUM 5.3

PrefectHQ prefect Health Check API health endswith improper authentication

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and may be used. Upgrading to version 3.6.22 will fix this issue. Upgrading the affected component is recommended.

CWE	CWE-287
Vendor	prefecthq
Product	prefect
Published	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for prefecthq prefect

Be the first to know when new medium vulnerabilities affecting prefecthq prefect are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

PrefectHQ / prefect

3.6.0 3.6.1 3.6.2 3.6.3 3.6.4 3.6.5 3.6.6 3.6.7 3.6.8 3.6.9 3.6.10 3.6.11 3.6.12 3.6.13 3.6.14 3.6.15 3.6.16 3.6.17 3.6.18 3.6.19 3.6.20 3.6.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/360898 vuldb.com: https://vuldb.com/vuln/360898/cti vuldb.com: https://vuldb.com/submit/807255 gist.github.com: https://gist.github.com/nedlir/f576abbb0e491dc9bb7e106c140dda04 github.com: https://github.com/PrefectHQ/prefect/pull/21063 github.com: https://github.com/PrefectHQ/prefect/pull/21063/changes/d8c4ff97ef7c0a940925d32b2d76324c8def42de github.com: https://github.com/PrefectHQ/prefect/releases/tag/3.6.22 github.com: https://github.com/PrefectHQ/prefect/

Credits

🔍 nedlir (VulDB User)