Path Traversal Vulnerability in GitHub Enterprise Server
CVE-2026-15343
8.6HIGH
What is CVE-2026-15343?
A path traversal vulnerability was found in GitHub Enterprise Server, allowing an attacker with code execution inside the Dependabot updater container to write files to arbitrary paths in repositories. This includes the ability to manipulate GitHub Actions workflow files without proper path validation, potentially leading to unauthorized access to GitHub Actions secrets if certain workflows are utilized. The vulnerability affects all versions prior to 3.22 and has been addressed in recent updates.
Affected Version(s)
Enterprise Server 3.17.0 <= 3.17.17
Enterprise Server 3.17.0 <= 3.17.17
Enterprise Server 3.18.0 <= 3.18.11