Product

Prefect (<= 3.6.13)

1 brief RSS

PrefectHQ Prefect Authentication Bypass Vulnerability (CVE-2026-7723)

PrefectHQ Prefect versions up to 3.6.13 are vulnerable to an authentication bypass via manipulation of the /api/events/in WebSocket endpoint, potentially allowing remote attackers to execute unauthorized actions.

prefect CVE-2026-7723 authentication-bypass websocket prefecthq

2r 1t 1c Jan 30, 2024