CVE-2026-3515
Published:May 24, 2026
Updated:June 11, 2026
A vulnerability in the "GitHubRepository" block of the "prefect-github" integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the "reference" field. The "reference" field is concatenated directly into a "git clone" command string without proper sanitization, and then parsed by "shlex.split()". This enables injection of options such as "-c", leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the "aget_directory()" and "get_directory()" methods in "src/integrations/prefect-github/prefect_github/repository.py". This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach.
Affected Packages
https://github.com/PrefectHQ/prefect.git (GITHUB):
Affected version(s) >=3.6.0 <3.7.1Fix Suggestion:
Update to version 3.7.1prefect (PYTHON):
Affected version(s) >=0.0.0 <3.7.1Fix Suggestion:
Update to version 3.7.1prefect-github (PYTHON):
Affected version(s) >=0.1.0 <=0.4.2Fix Suggestion:
Update to version no_fixRelated Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.4
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
EPSS
Base Score:
0.11