prefect-client is vulnerable to Server-Side Request Forgery (SSRF)
82
High Risk
validate_restricted_url resolves a hostname once, but the downstream HTTP clients reconnect using the original hostname and resolve it again themselves. Attacker-controlled DNS can therefore answer the validation lookup with a public, routable address and the connection-time lookup with a private or cloud-metadata address (for example 169.254.169.254), bypassing the restriction when private URLs are forbidden. This is a time-of-check/time-of-use gap of the DNS rebinding kind: the check and the connection never see the same address. The fix makes the webhook and custom webhook notification clients use transports that re-resolve and pin the validated addresses on every TCP connect, while keeping the TLS SNI aligned with the original hostname so certificate validation still succeeds. Other fixes in the same release stop load_script_as_module from leaving stray entries in sys.modules, prevent check_server_version from overwriting a caller-supplied Authorization header when an API key is present, and ensure _UnpicklingFuture completion callbacks surface deserialization errors instead of swallowing them.
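The validate-once, connect-later gap described above, and the resolve-and-pin transport that closes it, as an added Python example that is not prefect-client code. DNS is replaced by an in-process resolver so the script runs offline: RebindingResolver, honest_resolver, validate_once, vulnerable_fetch, pinned_connect, pinned_fetch and the hostname hooks.example.test are all constructed for this illustration, and validate_once is a hypothetical stand-in for a one-shot check, not the library's validate_restricted_url. The address policy uses the standard-library ipaddress module's is_global, which rejects RFC 1918, loopback, link-local (including the 169.254.169.254 metadata address), reserved and multicast ranges.

```python
"""Validate-once / connect-later SSRF bypass versus a resolve-and-pin transport.
Added example, not prefect-client code. DNS is simulated in-process so this runs
offline; hostnames, addresses and resolver behaviour are constructed."""
import ipaddress
from typing import Callable, Dict, List

Resolver = Callable[[str], List[str]]


class RebindingResolver:
    """Constructed attacker-controlled DNS: the first lookup returns a public
    address, every later lookup returns the cloud metadata address."""

    def __init__(self, first: str = "8.8.8.8", later: str = "169.254.169.254"):
        self.first, self.later, self.calls = first, later, 0

    def __call__(self, host: str) -> List[str]:
        self.calls += 1
        return [self.first] if self.calls == 1 else [self.later]


def honest_resolver(host: str) -> List[str]:
    """Constructed well-behaved DNS: a stable public answer (8.8.8.8 is used
    only because it is globally routable; no connection is ever made)."""
    return ["8.8.8.8"]


def is_forbidden(addr: str) -> bool:
    """Reject anything that is not globally routable: RFC 1918, loopback,
    link-local (covers 169.254.169.254), reserved and multicast ranges."""
    return not ipaddress.ip_address(addr).is_global


def validate_once(host: str, resolver: Resolver) -> None:
    """Hypothetical one-shot check: resolves the host now and raises if any
    answer is forbidden. It says nothing about what DNS will answer later."""
    for addr in resolver(host):
        if is_forbidden(addr):
            raise ValueError(f"{host} resolves to forbidden address {addr}")


def connect_by_hostname(host: str, resolver: Resolver) -> Dict[str, str]:
    """Hypothetical downstream client: re-resolves the hostname on its own and
    connects to whatever DNS says now, with no second policy check."""
    addr = resolver(host)[0]
    return {"connect_ip": addr, "sni": host}


def vulnerable_fetch(host: str, resolver: Resolver) -> Dict[str, str]:
    """Vulnerable pattern: the check and the connection resolve independently,
    so a changed DNS answer between them is never noticed."""
    validate_once(host, resolver)
    return connect_by_hostname(host, resolver)


def pinned_connect(host: str, resolver: Resolver) -> Dict[str, str]:
    """Hardened pattern: resolve at connect time, check every answer, connect
    only to a checked address, and keep SNI as the original hostname so TLS
    certificate validation still matches the name the caller asked for."""
    addrs = resolver(host)
    bad = [a for a in addrs if is_forbidden(a)]
    if bad:
        # Refuse the whole answer set rather than picking a "good" record: a
        # mixed answer is itself a sign of an attacker-controlled zone.
        raise ValueError(f"{host} resolves to forbidden address(es) {bad}")
    return {"connect_ip": addrs[0], "sni": host}


def pinned_fetch(host: str, resolver: Resolver) -> Dict[str, str]:
    """The up-front check still runs for early feedback, but the transport
    re-validates on every connect, so rebinding cannot slip through."""
    validate_once(host, resolver)
    return pinned_connect(host, resolver)


if __name__ == "__main__":
    host = "hooks.example.test"  # constructed hostname
    leaked = vulnerable_fetch(host, RebindingResolver())
    print("vulnerable transport connected to", leaked["connect_ip"])
    try:
        pinned_fetch(host, RebindingResolver())
    except ValueError as exc:
        print("pinned transport refused:", exc)
    print("pinned transport with honest DNS:", pinned_fetch(host, honest_resolver))
```

The point of pinned_connect is that the address policy is applied to the exact address the socket is about to connect to, on every connect, rather than to an earlier lookup; the hostname is retained only for SNI (and, in a real client, the Host header), never for a fresh resolution the policy does not see.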
You are affected if you are using a version that falls within the vulnerable range.
prefect-client is vulnerable to Server-Side Request Forgery (SSRF) in versions 3.0.2 - 3.6.27.
Upgrade the prefect-client library to a patched release, that is, a version later than 3.6.27.