Auth bypass in GitHub Enterprise Server
CVE-2026-14340
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's inte…
Vulnerability class: Broken Access Control
Affected products
- GitHub Enterprise Server — versions 3.16.0, 3.17.0, 3.18.0
Weakness classification (CWE)
References
- product-cna@github.com (release-notes)