PT-2026-38594 · GitHub · GitHub Enterprise Server
R31N · Published 2026-05-07 · Updated 2026-05-10
CVE-2026-8034
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.21
Description
A server-side request forgery (SSRF) issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the hostname validation uses a different parser than the request library. This allows a crafted URL to bypass validation and direct requests to unintended internal services. Exploitation requires network access to the instance.
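The general mitigation for this class of parser mismatch is to parse the URL once, reject syntax that parsers are known to read differently, and hand the request layer a URL rebuilt from the validated fields. The sketch below is an added example, not GitHub's code and not part of the advisory; the hostnames, `FAKE_DNS`, the function names and the "public destinations only" policy are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data: hypothetical hostnames and a stand-in for DNS.
FAKE_DNS = {"nbviewer.example": ["93.184.216.34"], "internal.example": ["10.0.0.5"]}

def fake_resolve(host):
    # IP literals resolve to themselves; unknown names resolve to nothing.
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])

def fetch_target(raw, resolve=fake_resolve):
    """Parse once; return (canonical_url, addresses) or raise ValueError."""
    # Reject characters that URL parsers are known to interpret differently.
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        raise ValueError("ambiguous character")
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    if "@" in parts.netloc:
        raise ValueError("userinfo not allowed")
    host, port = parts.hostname, parts.port  # .port raises on a bad port
    if not host:
        raise ValueError("missing host")
    addrs = resolve(host)
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        raise ValueError("destination not public")
    # Rebuild the URL from the parsed fields so the request library is handed
    # the same host that was validated, not the raw string.
    netloc = f"[{host}]" if ":" in host else host
    if port is not None:
        netloc += f":{port}"
    url = urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))
    return url, addrs

def verdict(raw):
    # Convenience wrapper: "allow" or "deny: <reason>" for a raw URL string.
    try:
        fetch_target(raw)
        return "allow"
    except ValueError as exc:
        return f"deny: {exc}"
```

The fetcher should connect to the returned addresses instead of resolving the name a second time, so the destination that was checked is the destination that is contacted.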
Recommendations
Update to version 3.16.18
Update to version 3.17.15
Update to version 3.18.9
Update to version 3.19.6
Update to version 3.20.2
Update to version 3.21 or later
Fix
SSRF
Related Identifiers
Affected Products
GitHub Enterprise Server