Auth bypass in Github Enterprise Server

CVE-2026-15783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including priva…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References