CVE-2026-8106: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub Enterprise Server
CVE-2026-8106 is a reflected cross-site scripting (XSS) vulnerability in the GitHub Enterprise Server Management Console login page. The vulnerability arises from improper sanitization of the redirect_to query parameter on the /setup/unlock endpoint, allowing injection of malicious HTML elements. An attacker could exploit this by tricking an administrator into clicking a crafted link and entering credentials, potentially leading to credential theft. This issue affects GitHub Enterprise Server versions 3. 19. 1 through 3. 19. 5 and 3. 20. 0 through 3.
AI Analysis
Technical Summary
A reflected HTML injection vulnerability (CWE-79) exists in the GitHub Enterprise Server Management Console login page due to improper neutralization of input in the redirect_to query parameter on the /setup/unlock endpoint. This parameter is reflected into an HTML attribute without proper sanitization, enabling injection of a form element that can capture administrator credentials. Exploitation requires user interaction by an administrator clicking a malicious link and submitting credentials. The vulnerability affects versions 3.19.1 through 3.19.5 and 3.20.0 through 3.20.1 and was resolved in versions 3.19.6 and 3.20.2. No known exploits in the wild have been reported.
Potential Impact
Successful exploitation could lead to credential theft of administrators by injecting malicious HTML that captures login information. This could compromise administrative access to the GitHub Enterprise Server Management Console. The vulnerability requires user interaction and is limited to affected versions prior to 3.19.6 and 3.20.2. The CVSS score of 5.9 reflects a medium impact with network attack vector, low attack complexity, and high confidentiality impact.
Mitigation Recommendations
A fix is available in GitHub Enterprise Server versions 3.19.6 and 3.20.2. Users should upgrade to these or later versions to remediate this vulnerability. Since this is not a cloud service, remediation depends on applying the official patches. No additional mitigation guidance is provided in the vendor advisory.
CVE-2026-8106: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub Enterprise Server
Description
CVE-2026-8106 is a reflected cross-site scripting (XSS) vulnerability in the GitHub Enterprise Server Management Console login page. The vulnerability arises from improper sanitization of the redirect_to query parameter on the /setup/unlock endpoint, allowing injection of malicious HTML elements. An attacker could exploit this by tricking an administrator into clicking a crafted link and entering credentials, potentially leading to credential theft. This issue affects GitHub Enterprise Server versions 3. 19. 1 through 3. 19. 5 and 3. 20. 0 through 3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A reflected HTML injection vulnerability (CWE-79) exists in the GitHub Enterprise Server Management Console login page due to improper neutralization of input in the redirect_to query parameter on the /setup/unlock endpoint. This parameter is reflected into an HTML attribute without proper sanitization, enabling injection of a form element that can capture administrator credentials. Exploitation requires user interaction by an administrator clicking a malicious link and submitting credentials. The vulnerability affects versions 3.19.1 through 3.19.5 and 3.20.0 through 3.20.1 and was resolved in versions 3.19.6 and 3.20.2. No known exploits in the wild have been reported.
Potential Impact
Successful exploitation could lead to credential theft of administrators by injecting malicious HTML that captures login information. This could compromise administrative access to the GitHub Enterprise Server Management Console. The vulnerability requires user interaction and is limited to affected versions prior to 3.19.6 and 3.20.2. The CVSS score of 5.9 reflects a medium impact with network attack vector, low attack complexity, and high confidentiality impact.
Mitigation Recommendations
A fix is available in GitHub Enterprise Server versions 3.19.6 and 3.20.2. Users should upgrade to these or later versions to remediate this vulnerability. Since this is not a cloud service, remediation depends on applying the official patches. No additional mitigation guidance is provided in the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_P
- Date Reserved
- 2026-05-07T14:46:18.902Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fd095dcbff5d86103c8524
Added to database: 5/7/2026, 9:51:25 PM
Last enriched: 5/7/2026, 10:06:34 PM
Last updated: 5/7/2026, 10:58:25 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.