Critical Remote Code Execution Vulnerability in Prefect: CVE-2026-5366
A critical vulnerability (CVE-2026-5366, CVSS 9.9) in Prefect version 3.6.23 allows remote code execution because the `GitRepository` storage class improperly handles user-controlled input. Any user with deployment creation permissions can exploit this flaw to execute arbitrary commands on worker machines, which compromises shared work pools in multi-tenant environments. Immediate action is required to mitigate this vulnerability.