{"uuid": "ba7661d4-f981-460b-8e0f-562ecad2c7c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5366", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116785154318795848", "content": "CVE-2026-5366 (CRITICAL, CVSS 9.9): prefecthq/prefect 3.6.23 lets users with deployment creation rights inject git flags via commit_sha/directories in GitRepository, enabling remote code exec. Restrict permissions & monitor updates. https://radar.offseq.com/threat/cve-2026-5366-cwe-94-improper-control-of-generatio-ef5838b1259ff631 #OffSeq #CVE20265366 #infosec", "creation_timestamp": "2026-06-21T00:00:42.065702Z"}