CVE-2026-9132: A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to r
Summary
A missing authorization vulnerability in GitHub Enterprise Server allowed authenticated users to read source code from private repositories they shouldn't have access to. The vulnerability existed in a Copilot pull request description feature that compared code across repositories without checking if the user had permission to view the target repository, and it required the attacker to already have read access to at least one repository on the system.
Solution / Mitigation
The vulnerability was fixed in versions 3.17.17, 3.18.11, 3.19.8, and 3.20.4. All versions prior to 3.21 were affected.
Vulnerability Details
EPSS: 0.0%
June 30, 2026
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-9132
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 85%