Path Traversal Vulnerability in GitHub Enterprise Server
CVE-2026-15343

8.6HIGH

Key Information:

Vendor

Github

Vendor
CVE Published:
17 July 2026

What is CVE-2026-15343?

A path traversal vulnerability was found in GitHub Enterprise Server, allowing an attacker with code execution inside the Dependabot updater container to write files to arbitrary paths in repositories. This includes the ability to manipulate GitHub Actions workflow files without proper path validation, potentially leading to unauthorized access to GitHub Actions secrets if certain workflows are utilized. The vulnerability affects all versions prior to 3.22 and has been addressed in recent updates.

Affected Version(s)

Enterprise Server 3.17.0 <= 3.17.17

Enterprise Server 3.17.0 <= 3.17.17

Enterprise Server 3.18.0 <= 3.18.11

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.