{"data":{"id":"e87a58fe-17ee-4874-9883-24e2d4c06491","title":"CVE-2026-9132: A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to r","summary":"A missing authorization vulnerability in GitHub Enterprise Server allowed authenticated users to read source code from private repositories they shouldn't have access to. The vulnerability existed in a Copilot pull request description feature that compared code across repositories without checking if the user had permission to view the target repository, and it required the attacker to already have read access to at least one repository on the system.","solution":"The vulnerability was fixed in versions 3.17.17, 3.18.11, 3.19.8, and 3.20.4. All versions prior to 3.21 were affected.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-9132","publishedAt":"2026-06-30T21:16:30.960Z","cveId":"CVE-2026-9132","cweIds":["CWE-862"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GitHub Enterprise Server","GitHub Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T21:16:30.960Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}