Severity: HIGH | CVE-2026-3514 | CNA: @huntr_ai

CVE-2026-3514: Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allows an attacker to create resources with names ending in 'health' or 'ready' and access them without authentication. Affected endpoints include those for variables, flows, work pools, work queues, and deployments. This vulnerability can lead to unauthorized access to sensitive information, such as API keys and database credentials, stored in Prefect Variables.
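The exemption flaw described above, as an added illustration that is not Prefect's own code: a suffix-based probe exemption of the kind the advisory describes, beside an exact-match allowlist, with an audit helper a maintainer would use to confirm the fix. The route paths (`/api/health`, `/api/ready`, `/api/variables/name/...`) and request samples are assumed example values, not taken from the Prefect source.

```python
# Added illustration (not Prefect's own middleware): suffix-based probe
# exemption vs. exact-route allowlist. Route paths below are assumed examples.
from urllib.parse import urlsplit

# Vulnerable pattern: any path that *ends with* a probe word skips auth,
# so a resource named "db-health" or "nightly-ready" is exempt too.
PROBE_SUFFIXES = ("health", "ready")

def is_exempt_vulnerable(path: str) -> bool:
    return path.rstrip("/").endswith(PROBE_SUFFIXES)

# Hardened pattern: only the exact probe routes are exempt. Matching is on the
# normalised path only; no prefix or suffix comparison is done.
PROBE_ROUTES = frozenset({"/api/health", "/api/ready"})

def is_exempt_fixed(path: str) -> bool:
    clean = urlsplit(path).path.rstrip("/") or "/"  # drop query, trailing slash
    return clean in PROBE_ROUTES

def request_allowed(path: str, has_valid_token: bool, exempt) -> bool:
    """Middleware decision: exempt probe routes pass; everything else needs a token."""
    return exempt(path) or has_valid_token

def audit(paths, exempt):
    """Return the paths the given exemption rule would serve without any token."""
    return [p for p in paths if request_allowed(p, False, exempt)]

# Constructed sample of request paths: two real probes, two resource lookups
# whose names end in a probe word, one ordinary lookup.
SAMPLE_PATHS = [
    "/api/health",
    "/api/ready/",
    "/api/variables/name/db-health",
    "/api/flows/name/nightly-ready",
    "/api/variables/name/api_key",
]

if __name__ == "__main__":
    print("vulnerable rule lets through:", audit(SAMPLE_PATHS, is_exempt_vulnerable))
    print("fixed rule lets through:     ", audit(SAMPLE_PATHS, is_exempt_fixed))
```

Running the audit against a server's access log paths (instead of the constructed sample) is a quick way to see which resource lookups the suffix rule would have exempted.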

Metrics

  • CVSS v3.0: 7.5
  • Severity: HIGH
  • Fixed in: 3.6.22
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An authentication bypass vulnerability exists in prefecthq/prefect versions before 3.6.22. The flaw is reachable over the network without any credentials: the authentication middleware skips auth checks on any URL path ending with 'health' or 'ready', so an attacker can create resources with names matching those suffixes and read them unauthenticated. Successful exploitation gives an unauthenticated remote attacker read access to sensitive data stored in Prefect Variables, including API keys and database credentials. A patched-image rebuild at version 3.6.22 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle prefecthq/prefect, regardless of where those images are stored or built.

Triage: Available

HarborGuard is capable of scoring this finding at CVSS 7.5 (HIGH) and weighting it against each environment's compliance policy to determine urgency; matched findings are routed to the appropriate team inbox within the customer org based on ownership rules configured in HarborGuard.

Patch: Available

A patched-image rebuild at prefecthq/prefect 3.6.22 becomes available on HarborGuard for any environment where an affected version is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test, and opens a pull request against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The vulnerable Prefect API is exposed over the network, so an attacker must be able to send HTTP requests to it from a remote host.

  • Authentication: Not required

    No credentials of any kind are needed; the middleware actively skips authentication for the affected URL paths.

  • Victim interaction: Not required

    The attacker makes direct requests to the API with no need for any user to take an action.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free: the attacker only needs to know or guess a resource name ending in 'health' or 'ready', which they can create themselves.

Blast Radius

  • Reads Prefect Variables containing stored API keys and database credentials without any prior authentication.
  • Reads metadata for flows, deployments, work pools, and work queues, exposing pipeline structure and configuration details.
  • Provides a foothold for further attacks using harvested credentials against downstream systems that Prefect is integrated with.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-3514 is active across all connected registries and CI pipelines, matching images that bundle prefecthq/prefect at any version below 3.6.22. A patched-image rebuild at version 3.6.22 is available the moment a match is confirmed. For customers who opt into auto-remediation, HarborGuard performs the image rebuild, executes a regression run, and opens a pull request against affected workloads; for HIGH-severity issues, the median time from CVE publication to merged patch PR in auto-remediation-enabled environments is around 90 minutes. Where auto-remediation is not enabled, the finding appears in the HarborGuard dashboard with remediation guidance pointing to the 3.6.22 upgrade. Until patched, consider applying network policy to restrict access to the Prefect API to trusted sources only, which reduces the unauthenticated exposure surface without requiring an immediate image rebuild.


Fix available: 3.6.22

Affected packages
  • prefecthq/prefect < 3.6.22 (from unspecified)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N