CVE-2026-7724 | PrefectHQ prefect up to 3.6.28.dev1 Webhook/Notification validate_restricted_url toctou

A vulnerability was found in PrefectHQ prefect up to 3.6.28.dev1. It has been rated as critical. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use.

This vulnerability is traded as CVE-2026-7724. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More