Auth bypass in Github Enterprise Server

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's inte…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References