Auth bypass in Github Enterprise Server
CVE-2026-15783
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including priva…
Vulnerability class: Broken Access Control
Affected products
- Github Enterprise Server — versions 3.17.0, 3.18.0, 3.19.0
Weakness classification (CWE)
References
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)
- product-cna@github.com (release-notes)