CVE-2026-15343

GitHub · Enterprise Server

A path traversal vulnerability in GitHub Enterprise Server allows authenticated attackers with code execution in the Dependabot container to write files to arbitrary repository paths.

Executive summary

A critical path traversal vulnerability in GitHub Enterprise Server allows authenticated attackers to overwrite sensitive repository files, including GitHub Actions workflows.

Vulnerability

This is a path traversal vulnerability (CWE-22) residing within the Dependabot updater container. It requires an attacker to already possess code execution capabilities within the container, after which they can traverse directory boundaries to write arbitrary files, such as malicious workflow configurations, into the host repository.

Business impact

Successful exploitation permits an attacker to inject malicious code into CI/CD pipelines, leading to unauthorized code execution, potential supply chain compromise, or full repository control. Given the high CVSS score of 8.6, this flaw poses a significant risk to the integrity of the software development lifecycle and the confidentiality of proprietary codebases.

Remediation

Immediate Action: Update GitHub Enterprise Server to the patched releases identified in the vendor documentation, specifically versions 3.17.18, 3.18.12, 3.19.9, 3.20.5, or 3.21.3.

Proactive Monitoring: Review repository audit logs for suspicious modification of workflow files and monitor container execution logs for unusual file system activity originating from the Dependabot process.

Compensating Controls: Restrict access to Dependabot configuration settings and ensure that repository permissions follow the principle of least privilege to minimize the potential impact of container-level code execution.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The ability to manipulate workflow files via path traversal presents a severe risk to organizational security. Administrators must prioritize the application of the provided vendor updates immediately to prevent potential supply chain attacks.