PYSEC-2026-1800

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/prefect/PYSEC-2026-1800.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1800
Aliases
Published
2026-07-07T14:34:56.433987Z
Modified
2026-07-07T17:48:07.117706796Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
Summary
Prefect CORS (Cross-Origin Resource Sharing) misconfiguration
Details

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect prior to version 3.0.3 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.

References

Affected packages

PyPI / prefect

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.20.17
Introduced
3.0.0rc1
Fixed
3.0.3

Affected versions

0.*
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.11.5
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.12.6
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.13.9
0.13.10
0.13.11
0.13.12
0.13.13
0.13.14
0.13.15
0.13.16
0.13.17
0.13.18
0.13.19
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.14.7
0.14.8
0.14.9
0.14.10
0.14.11
0.14.12
0.14.13
0.14.14
0.14.15
0.14.16
0.14.17
0.14.18
0.14.19
0.14.20
0.14.21
0.14.22
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.15.5
0.15.6
0.15.7
0.15.8
0.15.9
0.15.10
0.15.11
0.15.12
0.15.13
1.*
1.0rc1
1.0.0
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.4.0
1.4.1
2.*
2.0a1
2.0a2
2.0a3
2.0a4
2.0a5
2.0a6
2.0a7
2.0a8
2.0a9
2.0a10
2.0a11
2.0a12
2.0a13
2.0b1
2.0b2
2.0b3
2.0b4
2.0b5
2.0b6
2.0b7
2.0b8
2.0b9
2.0b10
2.0b11
2.0b12
2.0b13
2.0b14
2.0b15
2.0b16
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.2.0
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5.0
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.9.0
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.10.8
2.10.9
2.10.10
2.10.11
2.10.12
2.10.13
2.10.14
2.10.15
2.10.16
2.10.17
2.10.18
2.10.19
2.10.20
2.10.21
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.12.0
2.12.1
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.14.5
2.14.6
2.14.8
2.14.9
2.14.10
2.14.11
2.14.12
2.14.13
2.14.14
2.14.15
2.14.16
2.14.17
2.14.18
2.14.19
2.14.20
2.14.21
2.15.0
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.16.6
2.16.7
2.16.8
2.16.9
2.17.0
2.17.1
2.18.0
2.18.1
2.18.2
2.18.3
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.19.5
2.19.6
2.19.7
2.19.8
2.19.9
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.20.5
2.20.6
2.20.7
2.20.8
2.20.9
2.20.10
2.20.11
2.20.12
2.20.13
2.20.14
2.20.15
2.20.16
3.*
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0rc4
3.0.0rc5
3.0.0rc6
3.0.0rc7
3.0.0rc8
3.0.0rc9
3.0.0rc10
3.0.0rc11
3.0.0rc12
3.0.0rc13
3.0.0rc14
3.0.0rc15
3.0.0rc16
3.0.0rc17
3.0.0rc18
3.0.0rc19
3.0.0rc20
3.0.0
3.0.1
3.0.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/prefect/PYSEC-2026-1800.yaml"