Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-3515: Prefect 3.6.18: GitHub Integration Git Command Injection Risk

CVE-2026-3515

Summary

An attacker can inject malicious commands into the GitHub integration in Prefect 3.6.18, potentially leading to server-side attacks, credential theft, or code execution. This issue only affects the GitHub integration, not the GitLab or BitBucket integrations. To protect your Prefect setup, update to a newer version of Prefect or apply a patch to address this vulnerability.

Original title

Original description

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach.

nvd CVSS3.0 8.5

Vulnerability type

CWE-88

https://huntr.com/bounties/f3b048b8-7f4e-45ef-a5a7-cb841c39acde

Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026