PT-2026-34213 · Github · Github Enterprise Server

R31N · Published 2026-04-21 · Updated 2026-04-26 · CVE-2026-5921

CVSS v4.0: 9.5 (Critical)
Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.21

Description
A server-side request forgery (SSRF) in the notebook rendering service allows an unauthenticated attacker to extract sensitive environment variables from an instance through a timing side channel. When private mode is disabled, the notebook viewer follows HTTP redirects without revalidating the destination host of each hop, so a redirect chain can deliver the viewer's request to internal services. The attacker chains the instance's own open redirect endpoint through an attacker-controlled external redirect to reach an internal API, then issues regex filter queries against that API and measures response time differences to infer secret values character by character.

Recommendations
Update to one of the fixed releases:
- 3.14.26
- 3.15.21
- 3.16.17
- 3.17.14
- 3.18.8
- 3.19.5
- 3.20.1
As a mitigation, enable private mode so the notebook viewer does not follow redirects to internal services.
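The root cause described above is a server-side fetcher that validates only the first URL and then follows Location headers blindly. The following is an added example (not GitHub's code) contrasting that behaviour with a fetcher that revalidates every hop: each redirect target must be http(s) and must resolve only to globally routable addresses, which rejects loopback, RFC 1918 space, link-local ranges such as the cloud metadata address, and IPv4-mapped IPv6 disguises. The hostnames, the DNS table and the redirect chain are constructed for the example so it runs offline.

```python
"""Redirect revalidation for a server-side fetcher (added example, not GHES code)."""
import ipaddress
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_HOPS = 5

# Constructed DNS table with hypothetical names. A real fetcher resolves with the
# system resolver and must connect to the address it validated (pin the IP), or a
# rebinding name can pass the check and then resolve to an internal address.
FAKE_DNS = {
    "notebooks.example.net": ["93.184.216.34"],   # the instance itself
    "redirector.example.org": ["93.184.216.35"],  # attacker-controlled external host
    "metadata.internal": ["10.0.0.5"],            # internal service, must stay unreachable
    "localhost": ["127.0.0.1"],
}


def resolve(host):
    """Return address strings for host; a literal IP resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def is_public_address(ip):
    """True only for globally routable addresses. IPv4-mapped IPv6 is unwrapped
    first so ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr.is_global


def check_destination(url):
    """Raise ValueError unless url is http(s) to a host resolving only to public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {url}")
    host = parts.hostname
    if not host:
        raise ValueError(f"no host in URL: {url}")
    ips = resolve(host)
    if not ips:
        raise ValueError(f"unresolvable host: {host}")
    if not all(is_public_address(ip) for ip in ips):
        raise ValueError(f"non-public destination: {host} -> {ips}")
    return True


def is_safe_destination(url):
    """Boolean wrapper around check_destination for callers that prefer no exceptions."""
    try:
        return check_destination(url)
    except ValueError:
        return False


def follow_redirects(start_url, fetch, revalidate):
    """Follow a redirect chain. fetch(url) -> (status, headers, body).
    revalidate=False reproduces the vulnerable pattern: only the first URL is checked.
    revalidate=True checks every Location target before it is fetched."""
    check_destination(start_url)
    url = start_url
    for _ in range(MAX_HOPS):
        status, headers, body = fetch(url)
        if status not in (301, 302, 303, 307, 308):
            return url, body
        location = headers.get("Location")
        if not location:
            raise ValueError(f"redirect without Location from {url}")
        location = urljoin(url, location)  # relative Location headers are legal
        if revalidate:
            check_destination(location)
        url = location
    raise ValueError("too many redirects")


# Constructed responses standing in for the network: the instance's open redirect
# bounces to an external host, which redirects back to an internal service.
FAKE_RESPONSES = {
    "https://notebooks.example.net/redirect?to=https://redirector.example.org/x":
        (302, {"Location": "https://redirector.example.org/x"}, b""),
    "https://redirector.example.org/x":
        (302, {"Location": "http://metadata.internal/api/env"}, b""),
    "http://metadata.internal/api/env":
        (200, {}, b"DB_PASSWORD=constructed-example-value"),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, {}, b"not found"))


def demo():
    """Return (url reached, body) without revalidation and the error raised with it."""
    start = "https://notebooks.example.net/redirect?to=https://redirector.example.org/x"
    reached_url, body = follow_redirects(start, fake_fetch, revalidate=False)
    try:
        follow_redirects(start, fake_fetch, revalidate=True)
        blocked = None
    except ValueError as exc:
        blocked = str(exc)
    return reached_url, body, blocked


if __name__ == "__main__":
    print(demo())
```

The check must run on every hop, not only the first URL, and the address that passed the check must be the one the socket connects to; otherwise a redirect or a rebinding DNS name turns a validated public fetch into a request to an internal service.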

Fix

Weakness Enumeration: SSRF

Related Identifiers: CVE-2026-5921

Affected Products: Github Enterprise Server