Path Traversal in Github Enterprise Server
CVE-2026-15343
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workfl…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Github Enterprise Server — versions 3.17.0, 3.18.0, 3.19.0
Weakness classification (CWE)
References
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)