Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1414

NIXPKGS-2026-1414

GitHub issue published on

Permalink CVE-2026-7725

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated an hour ago by @LeSuisse Activity log

Created suggestion 1 day, 6 hours ago
@LeSuisse ignored
4 references
3 hours ago
@LeSuisse accepted 3 hours ago
@LeSuisse published on GitHub an hour ago

PrefectHQ prefect GitRepository Pull storage.py argument injection

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 can resolve this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References

VDB-360901 | PrefectHQ prefect GitRepository Pull storage.py argument injection vdb-entrytechnical-description
https://gist.github.com/nedlir/c37d90dda5f715790eafc970b2ef0c8a exploit
https://github.com/PrefectHQ/prefect/pull/21384 patchissue-tracking
https://github.com/PrefectHQ/prefect/commit/6a9d9918716ce4ee0297b69f3046f7067ef… patch

Ignored references (4)

VDB-360901 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #807356 | PerfectHQ Perfect <= 3.6.24 Argument Injection third-party-advisory
https://github.com/PrefectHQ/prefect/releases/tag/3.6.25.dev7 patch
https://github.com/PrefectHQ/prefect/ product

Affected products

prefect

==3.6.25.dev6
==3.6.25.dev7

Matching in nixpkgs

pkgs.prefect

Workflow orchestration framework for building resilient data pipelines in Python

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.python312Packages.prefect

Workflow orchestration framework for building resilient data pipelines in Python

nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.python313Packages.prefect

Workflow orchestration framework for building resilient data pipelines in Python

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.python314Packages.prefect

Workflow orchestration framework for building resilient data pipelines in Python

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0

Package maintainers

@happysalada Raphael Megzari <raphael@megzari.com>
@MrMebelMan Vladyslav Burzakovskyy <burzakovskij@protonmail.com>