VDB
KO
HIGH 8.8

PYSEC-2026-1799

Cross-Site Request Forgery vulnerability in Prefect

Details

An attacker is able to steal secrets and potentially gain remote code execution via CSRF using a self-hosted, open source Prefect API.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / prefect
Introduced in: 2.0.0 Fixed in: 2.16.5
Fix pip install --upgrade 'prefect>=2.16.5'

References