CVE-2026-7722

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and may be used. Upgrading to version 3.6.22 will fix this issue. The patch is named e21617125335025b4b27e7d6f0ca028e8e8f3b79. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 04, 2026

CWE ID

CWE-287

Source

NVD

External References

https://gist.github.com/nedlir/f576abbb0e491dc9bb7e106c140dda04
https://github.com/PrefectHQ/prefect/
https://github.com/PrefectHQ/prefect/pull/21063
https://github.com/PrefectHQ/prefect/pull/21063/changes/d8c4ff97ef7c0a940925d32b2d76324c8def42de
https://github.com/PrefectHQ/prefect/releases/tag/3.6.22
https://vuldb.com/submit/807255
https://vuldb.com/vuln/360898
https://vuldb.com/vuln/360898/cti

CVE-2026-7722

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment