PatchDay Alert
MAY 4, 2026

CVE-2026-7723

CVSS 7.3


Daily digests

Prefect's WebSocket endpoint at /api/events/in has no authentication. An attacker can connect remotely and inject events without credentials. A public exploit is already available, so expect scanning for this soon if it hasn't started already.
