CVE-2026-7724 | PrefectHQ prefect up to 3.6.28.dev1 Webhook/Notification validate_restricted_url toctou

Inserito da Angelo Barbosa | Mag 3, 2026 | CVE

A vulnerability was found in PrefectHQ prefect up to 3.6.28.dev1. It has been rated as critical. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use.

This vulnerability is traded as CVE-2026-7724. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Upgrading the affected component is advised.

CVE-2026-7724 | PrefectHQ prefect up to 3.6.28.dev1 Webhook/Notification validate_restricted_url toctou

Post correlati

CVE-2024-49618 | Jordan Lyall MyTweetLinks Plugin up to 1.1.1 on WordPress sql injection

CVE-2024-2620 | Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 api/client/down_file.php uuid sql injection

CVE-2024-25443 | Hugin 2022.0.0 Image linkWith use after free

CVE-2025-47700 | Mattermost up to 10.5.8 Agents Plugin server-side request forgery