VYPR
patchPublished May 27, 2026· Updated Jun 3, 2026· 3 sources

GitHub Enterprise Server 3.20.3 Patches Critical Pre-Auth SSRF and 'Dirty Frag' Kernel Flaws

GitHub released GHES 3.20.3 fixing a critical pre-authentication SSRF vulnerability (CVE-2026-9312) and two high-severity Linux kernel privilege-escalation bugs collectively known as 'Dirty Frag.'

GitHub has shipped GitHub Enterprise Server (GHES) 3.20.3 as a security‑driven patch release that fixes multiple critical and high‑severity vulnerabilities and rotates the signing key used to validate GHES release packages. Organizations running any earlier 3.20.x build are strongly encouraged to move to this version to close serious gaps affecting network‑exposed and multi‑tenant deployments.

The headline fix in 3.20.3 is a critical pre‑authentication server‑side request forgery (SSRF) vulnerability in an upload endpoint. Because input parameters were not strictly validated, an attacker with network access to the GHES instance could craft upload requests that cause the server to issue internal HTTP calls, potentially hitting internal services and exposing credentials or configuration data. This issue, tracked as CVE‑2026‑9312 and reported via the GitHub Bug Bounty program, posed a serious risk to instances reachable from less‑trusted networks. GitHub mitigated the flaw by tightening input validation on the endpoint, restricting which destinations can be contacted, and preventing it from being used as a general‑purpose SSRF primitive against internal infrastructure.

GHES 3.20.3 also addresses two high‑severity privilege-escalation issues in the Linux kernel's IPsec ESP and RxRPC networking subsystems, collectively known as "Dirty Frag." On vulnerable appliances, a local attacker could exploit these bugs to escalate from a regular user account to root, gaining full control over the underlying operating system. GitHub requested CVE‑2026‑43284 and CVE‑2026‑43500 for these vulnerabilities and updated the bundled kernel to a fixed version as part of this patch. In shared environments where multiple teams or automated processes have shell access, this reduces the risk that a low‑privileged foothold on the appliance can be escalated to a complete compromise.

Beyond the main issues, GHES 3.20.3 rolls in several security fixes introduced across the previous 3.20.x updates that focus on SSRF and sensitive data exposure. These include a timing side‑channel in the notebook viewer that could leak environment variables and an internal packages endpoint that could be abused for unauthenticated SSRF when private mode is disabled. GitHub assigned CVE‑2026‑5921 and CVE‑2026‑8606 to these problems and notes that external researchers found many through the bug bounty program. Together, these changes significantly reduce the attack surface for internal‑service access and secret exfiltration on misconfigured or internet‑facing GHES instances.

A central change in GHES 3.20.3 is the revocation of the previous GPG signing key for release packages. From this patch onward, all GHES images are signed only with a new key, which means administrators must update the trusted public keys on their appliances before attempting the upgrade. GitHub provides an official script and documented procedure to automate this signing key rotation so admins can safely trust the new artifacts. If the key rotation step is skipped, the appliance will fail signature verification during upgrade, blocking deployment of 3.20.3 and delaying important security fixes.

The 3.20.3 release also includes non‑security improvements that boost resilience and observability in large deployments. Nomad service lifecycle events now correctly trigger snapshots, helping preserve cluster state, and the default memory limit for the OpenTelemetry collector has been increased to prevent metrics dropouts under heavy load. GitHub has also fixed UX and compatibility issues, such as broken rendering of legacy images in markdown tables and the presence of an unsupported Copilot tab in GitHub App settings on GHES. These quality‑of‑life improvements reduce operational friction, allowing teams to focus on timely patching and security monitoring.

GitHub recommends that all customers on GHES 3.20.x prioritize upgrading to 3.20.3 after completing the required GPG key rotation using the official guidance. Instances with exposure to untrusted networks or where multiple internal teams share access should treat this release as urgent, as it removes both a pre‑auth SSRF vector and a reliable local privilege-escalation path. Administrators should also revisit the exposure of upload endpoints, notebook services, and package endpoints, applying additional network segmentation and access controls where possible. This layered approach will help limit the blast radius of any future vulnerabilities and strengthen the overall security posture of self‑hosted GitHub environments.

The same-day advisory published on May 26–27, 2026, details two SSRF vulnerabilities in GitHub Enterprise Server: CVE-2026-9312 (Critical, CVSS 9.3) is an unauthenticated SSRF in an upload endpoint allowing attackers to probe internal services, and CVE-2026-8606 (High severity) is a timing-based SSRF in the security advisories package lookup feature. As of the disclosure date, no patch version has been released, and administrators are advised to monitor GitHub's release notes and apply network-level mitigations such as restricting outbound traffic and using a WAF in the interim.

This advisory from Fortinet PSIRT provides a more detailed technical breakdown of the Dirty Frag vulnerability, specifically detailing the chaining of CVE-2026-43284 and CVE-2026-43500. It elaborates on how the MSG_SPLICE_PAGES mechanism in the Linux kernel, when combined with the lack of proper handling for shared fragments in UDP ESP packets, allows for in-place decryption of sensitive data. The advisory also clarifies that the fix ensures data is copied before decryption when fragments are shared, preventing unauthorized modification and specifically noting that this change does not affect ESP output.

Synthesized by Vypr AI