Enterprise Server
CVE-2026-8606
HIGH
Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and measuring response timing, an attacker could infer the values of sensitive environment variables, including signing secrets and private keys. Exploitation required GitHub Packages to be enabled; on instances not running in private mode the vulnerability was exploitable without authentication, otherwise any authenticated user could exploit it. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21.1 and was fixed in versions 3.20.3, 3.19.7, 3.18.10, 3.17.16, and 3.16.19. This vulnerability was reported via the GitHub Bug Bounty program.
AnalysisAI
Here is the multi-source synthesis for CVE-2026-8606:
{
"product_name": "GitHub Enterprise Server",
"summary": "Server-Side Request Forgery in GitHub Enterprise Server lets an attacker coerce the appliance into issuing HTTP requests to internal services through the security advisories package-lookup feature, then use response-timing differences as an oracle to infer sensitive environment variables such as signing secrets and private keys. All versions prior to 3.21.1 are affected, and exploitation is unauthenticated on instances not running in private mode (GitHub Packages must be enabled), or available to any authenticated user otherwise. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 7.0.",
"technical_context": "The flaw is a classic CWE-918 Server-Side Request Forgery: user-influenced input to the security advisories package-lookup feature is used to build an outbound HTTP request without adequate validation of the destination, so the server can be pointed at internal-only endpoints it can reach but the attacker cannot. The affected technology is the GitHub Enterprise Server self-hosted appliance (CPE cpe:2.3:a:github:enterprise_server:*), specifically its GitHub Packages subsystem, which must be enabled for the lookup path to be reachable. Rather than returning raw response bodies, the attacker exploits a timing side channel — measuring how long the server takes to talk to an internal management service — to bit-by-bit infer secret values. This is reflected in the CVSS 4.0 vector, where the vulnerable system itself sees only low confidentiality impact (VC:L) but the subsequent/adjacent systems suffer high confidentiality and integrity impact (SC:H/SI:H), capturing that the real damage is leakage of keys belonging to internal services reached via the SSRF.",
"risk_assessment": "Signals here are mixed and point to a real but non-trivial-to-exploit issue rather than a mass-exploitation threat. The CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:N/UI:N) shows network reachability and no required user interaction, but also High attack complexity and present Attack Requirements (AT:P), consistent with the description's reliance on a timing oracle and the need for GitHub Packages to be enabled. PR:N indicates no privileges in the worst case, but the description qualifies this: unauthenticated exploitation only applies to instances not in private mode, while private-mode instances require any authenticated user — a nuance the single vector value cannot express, so defenders should map their own deployment mode to the correct privilege assumption. No EPSS score was provided in the source data, so exploitation probability cannot be quantified here; no CISA KEV listing and no public proof-of-concept were provided, so this is currently no public exploit identified at time of analysis. Net assessment: a moderate-priority secret-disclosure issue (subsequent-system SC:H/SI:H is the driver of the 7.0 score) whose high complexity and timing-oracle requirement reduce the likelihood of opportunistic, automated abuse, but whose impact — recovery of signing secrets and private keys — makes patching important for any internet-exposed or multi-tenant GHES appliance.",
"affected_products": "The vulnerability affects GitHub Enterprise Server (CPE cpe:2.3:a:github:enterprise_server:*) across all release lines, specifically all versions prior to 3.21.1. Fixed builds are 3.21.1, 3.20.3, 3.19.7, 3.18.10, 3.17.16, and 3.16.19. Vendor release notes documenting the fixes are published per branch at the GitHub Enterprise Server admin documentation: https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.1, https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.3, https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.7, https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.10, https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.16, and https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.19.",
"remediation": "Vendor-released patch: upgrade to the fixed build for your release line — 3.21.1, 3.20.3, 3.19.7, 3.18.10, 3.17.16, or 3.16.19 — per the GitHub Enterprise Server release notes (e.g. https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.1 and the matching per-branch notes for 3.16 through 3.20). Because the vulnerable code path is reachable only when GitHub Packages is enabled, the most direct compensating control on instances that do not need it is to disable GitHub Packages, which removes the package-lookup feature but also disables package hosting/registry functionality for users who rely on it. As an interim hardening step, enabling private mode forces authentication on the affected feature, converting the unauthenticated exposure into one requiring a valid account — this narrows the attacker population but does not eliminate the flaw for authenticated users and changes anonymous-access behavior across the instance, so it is a stopgap, not a fix. Where feasible, also restrict network egress from the GHES appliance to internal management services so the SSRF cannot reach sensitive internal endpoints, accepting that overly tight egress filtering can break legitimate outbound integrations.",
"exploit_scenario": "An attacker reaches a GitHub Enterprise Server instance that has GitHub Packages enabled and, on an instance not in private mode, does so without any account. They submit crafted input to the security advisories package-lookup feature that causes the server to make requests to an internal management service, then repeatedly measure response timing to infer secret environment-variable values such as signing secrets and private keys byte by byte. The high attack complexity (AC:H) and timing-oracle requirement mean the attack is slow and requires many iterations, but no public proof-of-concept is currently known.",
"exploitation_conditions": "GitHub Packages must be enabled on the GitHub Enterprise Server instance — this is the hard prerequisite that makes the vulnerable security advisories package-lookup code path reachable. On instances not running in private mode, no authentication is required (matching CVSS PR:N); on instances in private mode, the attacker needs any authenticated account. Exploitation further requires that the appliance can reach the targeted internal management service over the network and that the attacker can perform repeated, precise response-timing measurements, since the secret values (signing secrets, private keys) are recovered through a timing side channel rather than returned directly. Limiting factors that reduce realistic risk: High attack complexity and present Attack Requirements (AC:H/AT:P) mean the timing oracle is slow and noisy; private-mode deployments remove the unauthenticated path; and instances with GitHub Packages disabled are not exploitable at all.",
"attack_chain": "Reach GHES package-lookup endpoint → Submit crafted package lookup input → Server issues request to internal service → Measure response timing as oracle → Infer signing secrets and private keys",
"confidence_notes": "Affected and fixed versions, the requirement that GitHub Packages be enabled, and the private-mode/authentication nuance are confirmed by the vendor description and GHES release notes. The CVSS 4.0 vector is provided and drives the privilege and impact assessment, but its single PR:N value does not capture the description's conditional authentication, so map it to your deployment mode. No EPSS score, no CISA KEV entry, and no proof-of-concept were present in the source data, so exploitation probability and active-exploitation status are unknown — treated here as no public exploit identified at time of analysis."
}(Note: I attempted to save this to /tmp/cve-2026-8606-analysis.json but the write permission wasn't granted, so the analysis is returned inline above.)
More in Enterprise Server
View allThe RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. R
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowe
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sig
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Ent
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication wi
Server-side request forgery in GitHub Enterprise Server lets an unauthenticated attacker coerce the appliance into issui
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor rol
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor rol
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today