What is CVE-2026-4821?

CVE-2026-4821 is a high-severity vulnerability in Github Enterprise Server, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-04-21.

How severe is CVE-2026-4821?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Github Enterprise Server

CVE-2026-4821

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in pr…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (3.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Github Enterprise Server — versions 3.20.0, 3.19.0, 3.18.0
Github Enterprise_server — versions 3.20.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

product-cna@github.com (Release Notes, Vendor Advisory)
product-cna@github.com (Release Notes, Vendor Advisory)
product-cna@github.com (Release Notes, Vendor Advisory)
product-cna@github.com (Release Notes, Vendor Advisory)
product-cna@github.com (Release Notes, Vendor Advisory)
product-cna@github.com (Release Notes, Vendor Advisory)
product-cna@github.com (Release Notes, Vendor Advisory)

Frequently asked questions

What is CVE-2026-4821?: CVE-2026-4821 is a high-severity vulnerability in Github Enterprise Server, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-04-21.
How severe is CVE-2026-4821?: High severity. CVSS v3 base score is 7.2 out of 10.