VDB

GCVE-110-NCSC-2026-67

GCVE-110-NCSC-2026-67
Advisory PublishedCVSS 6.5/10
Vulnetix · Advisory published February 20, 2026
An authorization vulnerability in GitHub Enterprise Server prior to versions 3.19.2, 3.18.5, and 3.17.11 allowed unauthorized pull requests to be merged into repositories, resolved through the GitHub Bug Bounty program.

Weaknesses (CWE)

CWE-863Incorrect AuthorizationCWE-862Missing Authorization

Risk Scores

CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
GitHubvers:unknown/*
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›