Cyber Resilience

CVE-2026-5921

High

Published: 21 April 2026

Modified: 28 April 2026
CVSS v4.0 score: 8.9
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0042 (33.9th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5921 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in GitHub Enterprise Server. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 33.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5921 is a server-side request forgery (SSRF) vulnerability in GitHub Enterprise Server, specifically affecting the notebook rendering service. When private mode is disabled, the notebook viewer follows HTTP redirects without revalidating the destination host, enabling unauthenticated SSRF to internal services. An attacker can chain this with regex filter queries against an internal API and use response-time differences as a timing side channel to extract sensitive environment variables character by character. The vulnerability affects all versions of GitHub Enterprise Server prior to 3.21 and carries a CVSS v3.1 base score of 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L), mapped to CWE-918.

An unauthenticated attacker can exploit this vulnerability by leveraging the instance's open redirect endpoint through an external redirect to port-scan or reach internal services. Once SSRF is achieved, the attacker measures response time variations from regex-based queries to infer secret values, such as environment variables, one character at a time. Exploitation requires private mode to be disabled, limiting its scope to misconfigured instances.

Mitigation involves updating to a patched version of GitHub Enterprise Server: 3.14.26, 3.15.21, 3.16.17, 3.17.14, 3.18.8, 3.19.5, or 3.20.1. Detailed release notes for these fixes are available in the GitHub documentation at the following URLs: https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26, https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21, https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17, https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14, and https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8. The issue was reported through the GitHub Bug Bounty program.
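The defect described above is a redirect-following fetcher that validates only the entry URL and then trusts whatever Location header comes back. The following is an added illustration, not GitHub's code and not the patch: it places that defective pattern (fetch_naive) beside a hardened one (fetch_revalidating) that follows redirects by hand and re-validates every hop against a "globally routable unicast only" rule, which is the input-validation and flow-enforcement behaviour the Mitigating Controls section describes. The fetcher interface fetch(url) -> (status, headers, body), the hostname notebooks.example.test, its placeholder address and the canned responses are all constructed so the chain runs offline.

```python
"""SSRF guard that re-validates every hop of an HTTP redirect chain.

Added illustration, not GitHub's code. The fetcher interface
fetch(url) -> (status, headers, body) and the hostnames/addresses below are
constructed so the redirect chain can be exercised offline.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_HOPS = 5


def _ip_literal(host):
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def dns_resolver(host):
    """Resolve a hostname with the system resolver; IP literals map to themselves."""
    literal = _ip_literal(host)
    if literal is not None:
        return [literal]
    try:
        return [ipaddress.ip_address(i[4][0]) for i in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []


def is_safe_destination(url, resolver=dns_resolver):
    """True only for http(s) URLs whose host resolves solely to globally routable,
    non-multicast addresses. Loopback, RFC 1918, link-local (which covers
    169.254.169.254), reserved and unresolvable hosts are all rejected."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    addrs = resolver(parts.hostname)
    if not addrs:
        return False
    return all(a.is_global and not a.is_multicast for a in addrs)


def fetch_naive(url, fetch, resolver=dns_resolver):
    """Defective pattern: the entry URL is checked once, then Location headers
    are followed blindly, so an external host can redirect into internal space."""
    if not is_safe_destination(url, resolver):
        raise ValueError(f"blocked destination: {url}")
    current = url
    for _ in range(MAX_HOPS + 1):
        status, headers, body = fetch(current)
        if status in REDIRECT_STATUSES and headers.get("Location"):
            current = urljoin(current, headers["Location"])
            continue
        return current, status, body
    raise ValueError("too many redirects")


def fetch_revalidating(url, fetch, resolver=dns_resolver):
    """Hardened pattern: every hop is validated before it is requested.
    Returns (final_url, status, body) or raises ValueError on a blocked hop."""
    current = url
    for _ in range(MAX_HOPS + 1):
        if not is_safe_destination(current, resolver):
            raise ValueError(f"blocked destination: {current}")
        status, headers, body = fetch(current)
        if status in REDIRECT_STATUSES and headers.get("Location"):
            current = urljoin(current, headers["Location"])  # relative Location is fine
            continue
        return current, status, body
    raise ValueError("too many redirects")


# --- constructed offline fixtures (hostnames, address and responses are made up) ---
CONSTRUCTED_DNS = {"notebooks.example.test": ["1.2.3.4"]}  # placeholder public address

CONSTRUCTED_RESPONSES = {
    "https://notebooks.example.test/hop": (302, {"Location": "/notebook.ipynb"}, b""),
    "https://notebooks.example.test/notebook.ipynb": (200, {}, b'{"cells": []}'),
    "https://notebooks.example.test/evil": (302, {"Location": "http://127.0.0.1:8080/internal-api"}, b""),
    "http://127.0.0.1:8080/internal-api": (200, {}, b"internal secret"),
}


def constructed_resolver(host):
    literal = _ip_literal(host)
    if literal is not None:
        return [literal]
    return [ipaddress.ip_address(a) for a in CONSTRUCTED_DNS.get(host, [])]


def constructed_fetch(url):
    return CONSTRUCTED_RESPONSES[url]


def run_demo():
    """Run both fetchers over the same redirect chain; report what each reached."""
    naive_final, _, naive_body = fetch_naive(
        "https://notebooks.example.test/evil", constructed_fetch, constructed_resolver)
    try:
        fetch_revalidating("https://notebooks.example.test/evil", constructed_fetch, constructed_resolver)
        hardened_blocked = False
    except ValueError:
        hardened_blocked = True
    ok_final, ok_status, _ = fetch_revalidating(
        "https://notebooks.example.test/hop", constructed_fetch, constructed_resolver)
    return {"naive_reached": naive_final, "naive_body": naive_body,
            "hardened_blocked": hardened_blocked, "hardened_ok": (ok_final, ok_status)}


if __name__ == "__main__":
    print(run_demo())
```

Two design points matter here. Validation happens on resolved addresses rather than on the hostname string, so a DNS name that points at loopback or a link-local range is treated the same as the literal address; and the hop limit is enforced in the same loop, so a redirect chain cannot be used to wear the check down. A production deployment would pair this with network-level egress policy (the AC-4 control) so that the rendering service cannot reach internal hosts even if application-level validation is bypassed.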

Vulnerability details

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebook viewer followed HTTP redirects without revalidating the destination host, enabling an unauthenticated SSRF to internal services. By chaining this with regex filter queries against an internal API and measuring response time differences, an attacker could infer secret values character by character. Exploitation required that private mode be disabled and that the attacker be able to chain the instance's open redirect endpoint through an external redirect to reach internal services. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.26, 3.15.21, 3.16.17, 3.17.14, 3.18.8, 3.19.5, and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

An SSRF vulnerability in a public-facing GitHub Enterprise Server enables unauthenticated exploitation of a public application (T1190), internal port scanning and reach to internal services (T1046), and side-channel extraction of environment-variable secrets and credentials via internal API queries (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3854 (same product: GitHub Enterprise Server)
CVE-2026-0573 (same product: GitHub Enterprise Server)
CVE-2026-5845 (same product: GitHub Enterprise Server)
CVE-2024-10001 (same product: GitHub Enterprise Server)
CVE-2025-23369 (same product: GitHub Enterprise Server)
CVE-2026-0613 (shared CWE-918)
CVE-2026-42860 (shared CWE-918)
CVE-2025-2997 (shared CWE-918)
CVE-2026-0686 (shared CWE-918)
CVE-2025-25785 (shared CWE-918)

Affected Assets

GitHub Enterprise Server: 3.20.0 · ≤ 3.14.26 · 3.15.0 — 3.15.21 · 3.16.0 — 3.16.17

Mitigating Controls (NIST 800-53 r5)

prevent: Timely application of vendor patches for GitHub Enterprise Server directly remediates the SSRF vulnerability in the notebook rendering service.

prevent, SI-10 (Information Input Validation): Validates untrusted inputs such as URLs and redirects in the notebook viewer to prevent SSRF to internal services.

prevent, AC-4 (Information Flow Enforcement): Enforces information flow policies prohibiting the notebook rendering service from accessing internal hosts via untrusted redirects.