wid-sec-w-2026-0682 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Microsoft GitHub Enterprise Server: Multiple Vulnerabilities

CVSS 7.4 HIGH

Risk Summary

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Microsoft GitHub Enterprise ausnutzen, um einen Cross-Site Scripting Angriff durchzuführe oder um vertrauliche Informationen offenzulegen.

CVEs (2)

CVE-2026-2266 CVE-2026-3582

Affected Vendors

Microsoft

Affected Products (10)

Microsoft · GitHub Enterprise Server <3.20

Microsoft · GitHub Enterprise Server 3.20

Microsoft · GitHub Enterprise Server <3.18.6

Microsoft · GitHub Enterprise Server 3.18.6

Microsoft · GitHub Enterprise Server <3.19.3

Microsoft · GitHub Enterprise Server 3.19.3

Microsoft · GitHub Enterprise Server <3.16.15

Microsoft · GitHub Enterprise Server 3.16.15

Microsoft · GitHub Enterprise Server <3.17.12

Microsoft · GitHub Enterprise Server 3.17.12

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more