VDB
GCVE-110-NCSC-2026-67
GCVE-110-NCSC-2026-67
Advisory PublishedCVSS 6.5/10
An authorization vulnerability in GitHub Enterprise Server prior to versions 3.19.2, 3.18.5, and 3.17.11 allowed unauthorized pull requests to be merged into repositories, resolved through the GitHub Bug Bounty program.
Weaknesses (CWE)
CWE-863Incorrect AuthorizationCWE-862Missing Authorization
Risk Scores
CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GitHub | vers:unknown/* | — | — |
| Microsoft | vers:unknown/* | — | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.