wid-sec-w-2026-0685 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Microsoft GitHub Enterprise Server: Multiple Vulnerabilities

CVSS 8.7 HIGH

Risk Summary

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Microsoft GitHub Enterprise ausnutzen, um Dateien zu manipulieren und um beliebigen Code auszuführen.

CVEs (2)

CVE-2026-3306 CVE-2026-3854

Affected Vendors

Microsoft

Affected Products (12)

Microsoft · GitHub Enterprise Server <3.14.24

Microsoft · GitHub Enterprise Server 3.14.24

Microsoft · GitHub Enterprise Server <3.15.19

Microsoft · GitHub Enterprise Server 3.15.19

Microsoft · GitHub Enterprise Server <3.16.15

Microsoft · GitHub Enterprise Server 3.16.15

Microsoft · GitHub Enterprise Server <3.17.12

Microsoft · GitHub Enterprise Server 3.17.12

Microsoft · GitHub Enterprise Server <3.18.6

Microsoft · GitHub Enterprise Server 3.18.6

Microsoft · GitHub Enterprise Server <3.19.3

Microsoft · GitHub Enterprise Server 3.19.3

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more