A vulnerability was found in prefecthq prefect up to 3.6.23 . It has been rated as critical . This affects an unknown part. Performing a manipulation of the argument commit_sha results in code injection. This vulnerability is identified as CVE-2026-5366 . The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.