Vulnerabilities in PrefectHQ
10 resultsCVE-2026-32871CRITICALFastMCP OpenAPI Provider has an SSRF & Path Traversal VulnerabilityEPSS 1.1%CVE-2026-5366CRITICALGit Argument Injection in prefecthq/prefectEPSS 0.6%CVE-2026-3514HIGHAuthentication Bypass in prefecthq/prefectEPSS 0.5%CVE-2026-7722MEDIUMPrefectHQ prefect Health Check API health endswith improper authenticationEPSS 0.5%CVE-2026-7723MEDIUMPrefectHQ prefect WebSocket Endpoint in missing authenticationEPSS 0.4%CVE-2023-6022HIGHCross-Site Request Forgery (CSRF) in prefecthq/prefectEPSS 0.4%CVE-2026-3515HIGHArgument Injection in prefecthq/prefectEPSS 0.3%CVE-2026-7724LOWPrefectHQ prefect Webhook/Notification validate_restricted_url toctouEPSS 0.3%CVE-2026-7725MEDIUMPrefectHQ prefect GitRepository Pull storage.py argument injectionEPSS 0.2%CVE-2024-8183HIGHCORS Misconfiguration in prefecthq/prefectEPSS 0.2%