CVE-2026-8106 | GitHub Enterprise Server up to 3.18.x/3.19.5/3.20.1/3.20.x /setup/unlock redirect_to cross site scripting

A vulnerability classified as problematic was found in GitHub Enterprise Server up to 3.18.x/3.19.5/3.20.1/3.20.x. This issue affects the function redirect_to of the file /setup/unlock. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-8106. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More