Auth bypass in Github Enterprise Server

CVE-2026-9132

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff sum…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References