CVE-2026-0573

HIGH EPSS 46.3%
Published Feb 18, 20264mo ago · Modified Jun 17, 20261w ago
7.6 CVSS 4.0
High
Find Similar
Published Feb 18, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a privileged JWT. An authenticated user could redirect these requests to an attacker-controlled domain, exfiltrate the Actions.ManageOrgs JWT, and leverage it for potential remote code execution. Attackers would require access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to an attacker-controlled domain. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS Details

Base Score
7.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
46.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-601

Affected Products 6

VendorProductVersionRange
githubenterprise_server* <3.14.22
githubenterprise_server*≥3.15.0  –  <3.15.17
githubenterprise_server*≥3.16.0  –  <3.16.13
githubenterprise_server*≥3.17.0  –  <3.17.10
githubenterprise_server*≥3.18.0  –  <3.18.4
githubenterprise_server*≥3.19.0  –  <3.19.2

References 6

  • docs.github.com https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.22
    ProductRelease Notes
  • docs.github.com https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.17
    ProductRelease Notes
  • docs.github.com https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.13
    ProductRelease Notes
  • docs.github.com https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.10
    ProductRelease Notes
  • docs.github.com https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.4
    ProductRelease Notes
  • docs.github.com https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2
    ProductRelease Notes

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.