Missing Authorization Vulnerability in GitHub Enterprise Server
CVE-2026-15783
5.3MEDIUM
What is CVE-2026-15783?
A missing authorization vulnerability was discovered in GitHub Enterprise Server. This flaw enables an authenticated user with write access to any repository to access metadata from private repositories they should not have access to. Details such as private repository owners, branch names, commit SHAs, commit messages, and pushing actor can be extracted. The vulnerability arises from a compromised endpoint that processes attacker-supplied, encoded identifiers, bypassing necessary authorizations. This issue affects all versions prior to 3.22 and has been addressed in subsequent releases.
Affected Version(s)
Enterprise Server 3.17.0 <= 3.17.17
Enterprise Server 3.17.0 <= 3.17.17
Enterprise Server 3.18.0 <= 3.18.11