URL Redirection Vulnerability in GitHub Enterprise Server
CVE-2026-0573

7.6 HIGH

Key Information:

Vendor

GitHub

CVE Published: 18 February 2026

What is CVE-2026-0573?

A URL redirection vulnerability in GitHub Enterprise Server stems from improper handling of HTTP redirects. An attacker who exploits this flaw can redirect authenticated users to unauthorized domains, potentially exfiltrating sensitive authorization tokens such as the Actions.ManageOrgs JWT. Misuse of those tokens can lead to unauthorized access or even remote code execution. The vulnerability affects all versions of GitHub Enterprise Server prior to 3.19 and has been addressed in multiple updates, including versions 3.19.2, 3.18.4, and earlier releases.

Affected Version(s)

Enterprise Server 3.14 <= 3.14.21

Enterprise Server 3.15 <= 3.15.16

CVSS V4

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

R31n