CVE-2026-1999 | GitHub Enterprise Server up to 3.17.10/3.18.4/3.19.1 Pull Request enable_auto_merge authorization

A vulnerability identified as problematic has been detected in GitHub Enterprise Server up to 3.17.10/3.18.4/3.19.1. This issue affects the function enable_auto_merge of the component Pull Request Handler. The manipulation leads to incorrect authorization.

This vulnerability is documented as CVE-2026-1999. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More