Skip to main content

GitHub Enterprise Server CVE-2026-8034

| EUVDEUVD-2026-28464 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-07 GitHub_P GHSA-w548-vv26-rff6
7.9
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 00:16 vuln.today
CVSS changed
May 07, 2026 - 22:22 NVD
7.9 (HIGH)
CVE Published
May 07, 2026 - 21:18 nvd
UNKNOWN (no severity yet)
CVE Published
May 07, 2026 - 21:18 nvd
HIGH 7.9

DescriptionGitHub Advisory

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a different URL parser than the request library, enabling a crafted URL to pass validation while directing the request to an unintended host. Exploitation required network access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.16.18, 3.17.15, 3.18.9, 3.19.6, and 3.20.2. This vulnerability was reported via the GitHub Bug Bounty program.

AnalysisAI

Server-side request forgery in GitHub Enterprise Server's notebook viewer enables remote unauthenticated attackers to access internal services and systems through URL parser confusion. The vulnerability exploits discrepancies between validation and request execution parsers, allowing crafted URLs to bypass hostname checks and target unintended internal hosts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify accessible GitHub Enterprise Server instance
Delivery
Craft notebook with parser confusion URL payload
Exploit
Submit/reference malicious notebook content
Install
Trigger notebook viewer processing
C2
Validation layer approves crafted URL
Execute
Request library targets internal service
Impact
Retrieve sensitive data from internal endpoint

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to the GitHub Enterprise Server instance and the ability to trigger notebook viewing functionality. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability presents significant real-world risk for organizations running GitHub Enterprise Server in environments with sensitive internal services. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An external attacker identifies a GitHub Enterprise Server instance and crafts a malicious notebook containing specially encoded URLs designed to exploit parser confusion. When the notebook viewer processes this content, the validation layer interprets the URL as pointing to an approved external resource, but the HTTP request library parses it to target an internal service such as the cloud metadata endpoint (169.254.169.254) or internal API server. …
Remediation Upgrade GitHub Enterprise Server to patched versions: 3.16.18, 3.17.15, 3.18.9, 3.19.6, or 3.20.2 depending on current release branch, or migrate to version 3.21.0 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all GitHub Enterprise Server instances and document current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-9312 CRITICAL
9.2 May 27

Server-side request forgery in GitHub Enterprise Server lets an unauthenticated attacker coerce the appliance into issui

CVE-2026-0573 CRITICAL
9.0 Feb 18

URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, pot

CVE-2026-3854 HIGH POC
8.7 Mar 10

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbi

CVE-2025-3246 HIGH
8.6 Apr 17

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scr

CVE-2026-4821 HIGH
8.1 Apr 21

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an

CVE-2025-3509 HIGH
7.1 Apr 17

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute

CVE-2026-4296 HIGH
7.5 Apr 21

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to byp

CVE-2026-5845 HIGH
7.2 Apr 21

An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server

CVE-2026-1999 HIGH
7.1 Feb 18

GitHub Enterprise Server allows authenticated webhook administrators to bypass network restrictions through Server-Side

CVE-2026-8606 HIGH
7.0 May 26

Here is the multi-source synthesis for CVE-2026-8606: ```json { "product_name": "GitHub Enterprise Server", "summar

CVE-2026-1355 MEDIUM
6.5 Feb 18

GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoin

CVE-2026-10585 MEDIUM
6.3 Jun 30

Stored cross-site scripting in GitHub Enterprise Server's Q&A Discussion feature allows an authenticated attacker to exe

Share

CVE-2026-8034 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy