Vypr Intelligence · AI-generated · May 27, 2026 · 3 CVEs

GitHub Enterprise Server: Two Critical SSRF Flaws Disclosed in Same-Day Advisory

GitHub disclosed two Server-Side Request Forgery vulnerabilities in GitHub Enterprise Server on May 26–27, 2026. One is rated Critical (CVSS 9.3) and requires no authentication; both let an attacker make the appliance send requests to internal services it should not reach on their behalf.

Key findings

  • CVE-2026-9312 is a Critical (CVSS 9.3) unauthenticated SSRF in a GitHub Enterprise Server upload endpoint
  • CVE-2026-8606 is a High-severity SSRF in the security advisories package lookup feature
  • Both CVEs allow an attacker to make the server issue crafted requests to internal services
  • CVE-2026-8606 enables timing-based side-channel information disclosure about internal networks
  • No patch version has been released as of the disclosure date; administrators should monitor GitHub's release notes

GitHub published two Server-Side Request Forgery (SSRF) vulnerabilities in GitHub Enterprise Server on May 26–27, 2026, in a tight disclosure window spanning just three hours. One of the flaws carries a Critical severity rating (CVSSv3 9.3), and both allow attackers to reach internal services that should be isolated from the public internet. The batch affects self-hosted GitHub Enterprise Server instances and underscores the risk that SSRF bugs pose in appliance-style deployments where internal management planes are often reachable from the application layer.

The more severe of the two, CVE-2026-9312 (Critical, CVSS 9.3), is an unauthenticated SSRF vulnerability in an upload endpoint. The description notes that insufficient input validation allows an attacker to inject path traversal content into request parameters, enabling crafted requests to be sent to internal services. In the usual shape of this bug class, a parameter that the server embeds in the path of an internal request is accepted without validation, so ".." segments (or, depending on how the URL is assembled, a scheme-relative or absolute URL) let the attacker choose which internal path or host the server contacts. Because the bug requires no authentication, any attacker who can reach a GitHub Enterprise Server instance over the network can exploit it to probe or interact with internal infrastructure, a classic SSRF pivot that can lead to further compromise of adjacent systems.
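The following is an added illustration of that mechanism, not GitHub's code and not a reproduction of CVE-2026-9312: the internal gateway host, the /storage/uploads/ layout, the parameter name and the management path are all hypothetical. It pairs a URL builder that concatenates an unvalidated parameter with a hardened builder that allowlists the parameter's shape and then checks the assembled URL against the only destination it is permitted to reach. It also goes slightly beyond the traversal case by showing that the same unvalidated join lets a scheme-relative URL change the target host.

```python
"""Added example: path traversal in a request parameter as an SSRF primitive,
and a hardened builder that rejects it. Hosts and paths are hypothetical."""
import posixpath
import re
from urllib.parse import quote, urljoin, urlsplit

# Hypothetical internal layout: uploads are proxied to a storage prefix on an
# internal gateway that also fronts other internal services.
UPLOAD_BASE = "http://internal-gateway.local/storage/uploads/"
ALLOWED_HOST = "internal-gateway.local"
ALLOWED_PATH_PREFIX = "/storage/uploads/"

# Parameter allowlist: a plain file name, no path separators or scheme syntax.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


def build_upload_url_vulnerable(filename: str) -> str:
    """The flaw: the user-supplied name is joined into the internal URL
    unvalidated, so '..' segments (and '//host' or 'http://host' forms)
    let the caller pick where the server's request goes."""
    return urljoin(UPLOAD_BASE, filename)


def build_upload_url_hardened(filename: str) -> str:
    """Validate the input's shape, then verify the assembled URL itself."""
    # 1. Allowlist the parameter before it touches URL syntax.
    if not _SAFE_NAME.match(filename) or filename in (".", ".."):
        raise ValueError("invalid upload name")
    url = urljoin(UPLOAD_BASE, quote(filename, safe=""))
    # 2. Defense in depth: check the result, not only the input. Normalising
    #    the path collapses any '..' that slipped past step 1, and the host
    #    check catches scheme-relative or absolute URLs replacing the target.
    parts = urlsplit(url)
    normalized = posixpath.normpath(parts.path)
    if (parts.scheme != "http" or parts.netloc != ALLOWED_HOST
            or not normalized.startswith(ALLOWED_PATH_PREFIX)):
        raise ValueError("request escapes the permitted destination")
    return url


def compare_builders(filename: str) -> dict:
    """Show where each builder would send the server's outbound request."""
    out = {"vulnerable": build_upload_url_vulnerable(filename)}
    try:
        out["hardened"] = build_upload_url_hardened(filename)
    except ValueError as exc:
        out["hardened"] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    # Constructed inputs: a benign name, a traversal payload that reaches a
    # hypothetical management path, and a scheme-relative URL that swaps the
    # host for a link-local metadata address.
    for name in ("report.pdf", "../../manage/api",
                 "//169.254.169.254/latest/meta-data/"):
        print(name, "->", compare_builders(name))
```

The second layer matters even when the regex looks sufficient: validation rules drift as parameters are added, but a check that the final URL still points at the intended host and path prefix holds regardless of how the input was encoded.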

The second flaw, CVE-2026-8606 (High severity), resides in the security advisories package lookup feature. This SSRF allows an attacker to cause the server to issue HTTP requests to internal services, including an internal management service. The advisory notes that an attacker can measure response timing to infer information about the internal network: even when the server returns no body or status from the internal request, the time it takes to answer differs between a port that accepts the connection, one that refuses it, and a host that never responds, which turns a blind SSRF into an information-disclosure vector. While this bug requires some level of access or preconditions to trigger, it still exposes internal service topology and behavior.
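The inference described above, as an added example rather than anything from the advisory or GitHub's code: a blind SSRF endpoint is modelled as an oracle that returns only the elapsed time, the attacker buckets the times into open, closed and filtered-or-absent, and a defensive variant that always answers at a fixed deadline shows how the channel collapses. The addresses, durations and thresholds are constructed; no network traffic is sent.

```python
"""Added example: inferring internal topology from a blind SSRF's response
timing, and a uniform-deadline response that removes the signal.
All hosts, ports and timings below are constructed, not measured."""
from statistics import median

CONNECT_TIMEOUT = 5.0  # assumed connect timeout of the server's HTTP client

# Constructed oracle: seconds the vulnerable endpoint takes per probe target.
# The attacker sees no body or status, only how long the page took to load.
_SIMULATED_NETWORK = {
    "10.0.0.5:8443": 0.020,  # hypothetical management service answers HTTP
    "10.0.0.5:22":   0.010,  # listening non-HTTP service: client bails quickly
    "10.0.0.6:80":   0.001,  # host up, port closed: immediate RST
    "10.0.9.9:80":   5.000,  # no host / firewalled: SYN waits out the timeout
}


def probe(target: str) -> float:
    """Blind oracle: elapsed time is the only thing the attacker learns."""
    return _SIMULATED_NETWORK.get(target, CONNECT_TIMEOUT)


def classify_timing(elapsed: float, timeout: float = CONNECT_TIMEOUT) -> str:
    """Bucket one measurement. Thresholds are constructed for the simulation;
    in practice they are calibrated against a known-open and known-closed port."""
    if elapsed >= timeout * 0.95:
        return "filtered-or-absent"  # SYN never answered
    if elapsed < 0.005:
        return "closed"              # RST came straight back
    return "open"                    # something accepted the connection


def map_network(targets, oracle=probe, samples=3) -> dict:
    """Repeat each probe and take the median so jitter does not flip buckets."""
    return {t: classify_timing(median(oracle(t) for _ in range(samples)))
            for t in targets}


def uniform_deadline_probe(target: str, deadline: float = CONNECT_TIMEOUT) -> float:
    """Defensive variant: the endpoint waits until the deadline before
    answering regardless of what the internal request did, so every target
    lands in the same bucket. (The real fix is not to issue the request at
    all unless the destination is on an explicit allowlist.)"""
    return max(probe(target), deadline)


if __name__ == "__main__":
    targets = list(_SIMULATED_NETWORK)
    print("leaky endpoint:   ", map_network(targets))
    print("uniform deadline: ", map_network(targets, oracle=uniform_deadline_probe))
```

A uniform deadline only blunts the channel; it also makes every lookup slow and does nothing about the request itself reaching the internal service, which is why destination allowlisting, not timing normalisation, is the fix to look for in the eventual patch.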

Note that the three CVE records this article draws on also include CVE-2026-44451, which belongs to an unrelated project called Lumiverse (an AI chat application) and is not a GitHub Enterprise Server vulnerability. The two CVEs relevant to GitHub Enterprise Server administrators are CVE-2026-9312 and CVE-2026-8606.

GitHub has not yet published a patch advisory or fixed version range for these CVEs as of the disclosure date. Administrators running self-hosted GitHub Enterprise Server instances should monitor GitHub's Enterprise Server release notes and apply the upcoming security patch as soon as it becomes available. In the interim, the mitigations that address SSRF directly are network-level: restrict outbound traffic from the appliance to known-good destinations (accounting for flows it legitimately needs, such as GitHub Connect, webhooks and outbound email), and make sure internal management interfaces and other sensitive services are not reachable from the appliance's application network. Limiting who can reach the instance at all, since CVE-2026-9312 needs no credentials, shrinks the exposed attack surface further. A web application firewall in front of the instance can help with obvious traversal payloads, but SSRF requests often look like legitimate use of the feature, so a WAF should be treated as a supplementary control rather than a fix.

SSRF vulnerabilities in enterprise appliances are particularly dangerous because they turn the application itself into a proxy for attacking internal networks. The combination of an unauthenticated Critical SSRF (CVE-2026-9312) and a timing-based SSRF (CVE-2026-8606) means that GitHub Enterprise Server administrators should treat this batch as a high-priority patching event. Organizations that expose their GitHub Enterprise Server instance to the internet or to broad internal networks face the greatest risk.

AI-written article. Grounded in 3 CVE records listed below.