CVE-2026-0573
Received Received - Intake
URL Redirection in GitHub Enterprise Server Leaks Authorization Tokens

Publication date: 2026-02-18

Last updated on: 2026-02-19

Assigner: GitHub, Inc. (Products Only)

Description
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a privileged JWT. An authenticated user could redirect these requests to an attacker-controlled domain, exfiltrate the Actions.ManageOrgs JWT, and leverage it for potential remote code execution. Attackers would require access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to an attacker-controlled domain. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-19
Generated
2026-05-07
AI Q&A
2026-02-18
EPSS Evaluated
2026-05-05
NVD
CVE-2026-0573
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
github enterprise_server From 3.19.0 (inc) to 3.19.2 (exc)
github enterprise_server to 3.14.22 (exc)
github enterprise_server From 3.15.0 (inc) to 3.15.17 (exc)
github enterprise_server From 3.16.0 (inc) to 3.16.13 (exc)
github enterprise_server From 3.17.0 (inc) to 3.17.10 (exc)
github enterprise_server From 3.18.0 (inc) to 3.18.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an URL redirection issue in GitHub Enterprise Server. It occurs because the repository_pages API insecurely follows HTTP redirects when fetching artifact URLs, while preserving the authorization header that contains a privileged JWT token.

An authenticated user can exploit this by redirecting requests to an attacker-controlled domain, which allows the attacker to steal the Actions.ManageOrgs JWT token. This token could then be used for potential remote code execution.

To exploit this vulnerability, an attacker needs access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to their controlled domain.


How can this vulnerability impact me? :

This vulnerability can lead to the leakage of sensitive authorization tokens, specifically the Actions.ManageOrgs JWT, to an attacker-controlled domain.

With these tokens, an attacker could potentially perform remote code execution on the affected GitHub Enterprise Server instance, leading to unauthorized actions and compromise of the system.

The impact is significant because it requires only an authenticated user and the ability to exploit a redirect, which could result in serious security breaches.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade your GitHub Enterprise Server to one of the fixed versions: 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, or 3.14.22.

Ensure that only trusted users have authenticated access to your GitHub Enterprise Server instance to reduce the risk of exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart