Byte Open Security (ByteOS Network)
Vulnerability Details: CVE-2026-5921

Summary
Assigner: GitHub_P (Assigner Org ID 82327ea3-741d-41e4-88f8-2cf9e791e760)
Published: 21 Apr 2026, 22:11
Updated: 22 Apr 2026, 13:18
Rejected: no

Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebook viewer followed HTTP redirects without revalidating the destination host, enabling an unauthenticated SSRF to internal services. By chaining this with regex filter queries against an internal API and measuring response time differences, an attacker could infer secret values character by character. Exploitation required that private mode be disabled and that the attacker be able to chain the instance's open redirect endpoint through an external redirect to reach internal services. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.26, 3.15.21, 3.16.17, 3.17.14, 3.18.8, 3.19.5, and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.
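The description above gives the shape of the bug in one sentence: the destination was checked once, and redirects were then followed without re-checking. The following is an added example, not GitHub Enterprise Server code, showing a redirect-following fetcher in that vulnerable shape beside one that re-validates every hop. The host names, addresses, the `/redirect?to=` path, the in-memory transport and the redirect chain (instance open redirect, then an external host, then an internal address) are all constructed so the example runs offline; the advisory does not name the real endpoints.

```python
"""Redirect following with per-hop destination checks.

Added example, not GitHub Enterprise Server code. Host names, addresses, URLs
and the in-memory transport are constructed so this runs offline; the chain
(instance open redirect -> external host -> internal service) follows the
advisory text, not any real GHES endpoint.
"""
import ipaddress
from typing import Callable, Optional, Tuple
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# A transport takes a URL and returns (status, Location header or None, body).
Transport = Callable[[str], Tuple[int, Optional[str], str]]

# Constructed name -> address table standing in for DNS.
FAKE_DNS = {
    "ghes.example.test": "52.1.2.3",           # the instance itself, public
    "attacker.example.test": "104.16.1.2",     # attacker-controlled, public
    "internal-api.example.test": "10.0.0.5",   # RFC 1918, reachable only from inside
}


def destination_ok(url: str) -> bool:
    """Allow only http(s) URLs whose host resolves to a globally routable address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addr = ipaddress.ip_address(FAKE_DNS[parts.hostname])
    except (KeyError, ValueError):
        return False  # unknown names fail closed
    return addr.is_global


def fetch_vulnerable(url: str, transport: Transport, max_hops: int = 5) -> Tuple[str, str]:
    """Validates the caller-supplied URL once, then follows Location blindly.

    This is the bug class in the advisory: the first hop passes because it is
    the instance's own public host, and later hops are never re-checked.
    """
    if not destination_ok(url):
        raise PermissionError(f"blocked: {url}")
    for _ in range(max_hops):
        status, location, body = transport(url)
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)  # no re-validation of the new host
            continue
        return url, body
    raise RuntimeError("too many redirects")


def fetch_hardened(url: str, transport: Transport, max_hops: int = 5) -> Tuple[str, str]:
    """Re-validates the destination before every request, redirect targets included."""
    for _ in range(max_hops):
        if not destination_ok(url):
            raise PermissionError(f"blocked: {url}")
        status, location, body = transport(url)
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)
            continue
        return url, body
    raise RuntimeError("too many redirects")


# Constructed servers: the instance's open redirect bounces to the attacker's
# host, which bounces into the internal network.
INSTANCE_REDIRECT = "https://ghes.example.test/redirect?to=https://attacker.example.test/nb.ipynb"
ATTACKER_HOP = "https://attacker.example.test/nb.ipynb"
INTERNAL_TARGET = "http://internal-api.example.test/"

FAKE_SERVERS = {
    INSTANCE_REDIRECT: (302, ATTACKER_HOP, ""),
    ATTACKER_HOP: (302, INTERNAL_TARGET, ""),
    INTERNAL_TARGET: (200, None, "internal-only response"),
}


def fake_transport(url: str) -> Tuple[int, Optional[str], str]:
    return FAKE_SERVERS.get(url, (404, None, "not found"))


def demo() -> Tuple[str, str]:
    """Returns (URL the vulnerable fetcher ended on, what the hardened one reported)."""
    reached, _ = fetch_vulnerable(INSTANCE_REDIRECT, fake_transport)
    try:
        fetch_hardened(INSTANCE_REDIRECT, fake_transport)
        outcome = "reached internal host"
    except PermissionError as exc:
        outcome = str(exc)
    return reached, outcome


if __name__ == "__main__":
    print(demo())
```

Two caveats when carrying this into real code: resolve the name once and connect to the address you checked rather than letting the HTTP client resolve it again (otherwise a rebinding DNS record passes the check and connects somewhere else), and apply the same check to any scheme or port change a redirect introduces, since a 302 to a loopback port is as much an SSRF as one to an RFC 1918 host.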

EPSS: no data available for the selected date range (score and percentile N/A).
Stakeholder-Specific Vulnerability Categorization (SSVC): not provided.
Common Vulnerabilities and Exposures (CVE) record (cve.org)
CVE Numbering Authority (CNA) record
Title and description: as in the Summary above.

Affected Products
Vendor: GitHub, Inc. (GitHub)
Product: Enterprise Server
Default status: affected
Affected versions (semver ranges; the first fixed release of each line is listed):
  • 3.14.0 up to (not including) 3.14.26; unaffected from 3.14.26
  • 3.15.0 up to (not including) 3.15.21; unaffected from 3.15.21
  • 3.16.0 up to (not including) 3.16.17; unaffected from 3.16.17
  • 3.17.0 up to (not including) 3.17.14; unaffected from 3.17.14
  • 3.18.0 up to (not including) 3.18.8; unaffected from 3.18.8
  • 3.19.0 up to (not including) 3.19.5; unaffected from 3.19.5
  • 3.20.0 up to (not including) 3.20.1; unaffected from 3.20.1
Lines older than 3.14 are not enumerated and therefore carry the record's default status (affected) with no fixed release listed; the description states that 3.21 and later are unaffected.
Problem Types
CWE-918: Server-Side Request Forgery (SSRF)
Metrics
CVSS 4.0 base score 8.9 (HIGH)
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P
Impacts
CAPEC-462: Cross-Domain Search Timing
Solutions, Configurations, Workarounds, Exploits: none provided by the CNA.
Credits
finder: R31n
Timeline, Replaced By, Rejected Reason: none.
References (resource type: release-notes)
  • https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26
  • https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21
  • https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17
  • https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14
  • https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8
  • https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5
  • https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment: information is not available yet.
National Vulnerability Database (NVD) record (nvd.nist.gov)
Source: product-cna@github.com
Published: 21 Apr 2026, 23:16
Updated: 28 Apr 2026, 20:43
Description: as in the Summary above.

CISA Catalog (KEV): not listed (date added, due date, vulnerability name and required action all N/A).
Metrics
  • Secondary: CVSS 4.0 base score 8.9 (HIGH)
    Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Primary: CVSS 3.1 base score 8.9 (HIGH)
    Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
CPE Matches (vendor GitHub, Inc., product enterprise_server)
  • cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*  versions before 3.14.26 (exclusive)
  • cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*  versions from 3.15.0 (inclusive) to 3.15.21 (exclusive)
  • cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*  versions from 3.16.0 (inclusive) to 3.16.17 (exclusive)
  • cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*  versions from 3.17.0 (inclusive) to 3.17.14 (exclusive)
  • cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*  versions from 3.18.0 (inclusive) to 3.18.8 (exclusive)
  • cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*  versions from 3.19.0 (inclusive) to 3.19.5 (exclusive)
  • cpe:2.3:a:github:enterprise_server:3.20.0:*:*:*:*:*:*:*  version 3.20.0
Note that NVD's first range has no lower bound, so it also covers lines older than 3.14, which the CNA record leaves at its default status "affected" without enumerating them.
Weaknesses
CWE-918 (type: Secondary; source: product-cna@github.com)
Evaluator Description, Evaluator Impact, Evaluator Solution, Vendor Statements: none.
References: the same seven release-notes URLs listed in the CNA section above, each sourced from product-cna@github.com and tagged by NVD as Release Notes and Vendor Advisory.

Change History: information is not available yet.
Similar CVEs (3 records found)
CVE-2024-5746 (matching score 6)
Assigner: GitHub, Inc. (Products Only)
CVSS score: 7.6 (HIGH); EPSS: 0.16% (percentile 35.83%), 7-day change ~0.00%
Published: 20 Jun 2024, 21:31; updated: 27 Aug 2025, 20:54
Rejected: not available; known ransomware use, KEV added, KEV action due date: not available

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.

Action: not available
Vendor: GitHub, Inc.; product: enterprise_server (GitHub Enterprise Server)
CWE-918: Server-Side Request Forgery (SSRF)

CVE-2026-8034 (matching score 6)
Assigner: GitHub, Inc. (Products Only)
CVSS score: 7.9 (HIGH); EPSS: 0.04% (percentile 13.44%), 7-day change ~0.00%
Published: 07 May 2026, 21:18; updated: 11 May 2026, 17:18
Rejected: not available; known ransomware use, KEV added, KEV action due date: not available
Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a different URL parser than the request library, enabling a crafted URL to pass validation while directing the request to an unintended host. Exploitation required network access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.16.18, 3.17.15, 3.18.9, 3.19.6, and 3.20.2. This vulnerability was reported via the GitHub Bug Bounty program.

Action: not available
Vendor: GitHub, Inc.; product: enterprise_server (Enterprise Server)
CWE-436: Interpretation Conflict
CWE-918: Server-Side Request Forgery (SSRF)

CVE-2024-42168 (matching score 4)
Assigner: HCL Software
CVSS score: 8.9 (HIGH); EPSS: 0.28% (percentile 51.08%), 7-day change ~0.00%
Published: 11 Jan 2025, 02:24; updated: 16 May 2025, 13:46
Rejected: not available; known ransomware use, KEV added, KEV action due date: not available
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

Action: not available
Vendor: HCL Technologies Ltd.; product: dryice_myxalytics (DRYiCE MyXalytics)
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CWE-918: Server-Side Request Forgery (SSRF)