What is CVE-2026-0573?

A high-severity URL redirection vulnerability in GitHub Enterprise Server could allow attackers to exfiltrate sensitive authorization tokens. Organizations must prioritize patching to mitigate risks.

What is the severity of CVE-2026-0573?

CVE-2026-0573 has a severity rating of HIGH with a CVSS base score of 7.6.

CVE-2026-0573 | High Vulnerability in GitHub Enterprise Server

On February 18, 2026, a high-severity URL redirection vulnerability was identified in GitHub Enterprise Server, specifically affecting all versions prior to 3.19. This vulnerability allows attacker-controlled redirects, which could lead to the leakage of sensitive authorization tokens. The issue arises from the repository_pages API, which insecurely follows HTTP redirects while fetching artifact URLs, preserving the authorization header that contains a privileged JSON Web Token (JWT).

The vulnerability is particularly critical as an authenticated user can redirect requests to an attacker-controlled domain. This could enable the exfiltration of the Actions.ManageOrgs JWT, which can be leveraged for potential remote code execution. Attackers would need access to the target GitHub Enterprise Server instance and the capability to exploit a legacy redirect to an attacker-controlled domain.

Given the potential for attackers to exploit this vulnerability, organizations utilizing GitHub Enterprise Server must prioritize patching immediately. The vulnerability was fixed in the following versions: 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22.

The risk to organizations includes unauthorized access, data leakage, and potential compromise of sensitive operations. Immediate action is imperative to safeguard the integrity of systems and data.

Vulnerability Details

The official description of this vulnerability states that it allows attacker-controlled redirects to leak sensitive authorization tokens. The vulnerability is classified as high severity with a CVSS score of 7.6. The impact includes high confidentiality and integrity implications, while availability is not affected.

Technical Analysis

The root cause of this vulnerability is the insecure handling of HTTP redirects by the repository_pages API in GitHub Enterprise Server. The attack vector is network-based, with low complexity required for exploitation. Attackers need low privileges and no user interaction is required to initiate an attack. The potential impacts on confidentiality and integrity are high, indicating significant risks.

Risk & Impact Analysis

Real-world deployment risk is significant given that the vulnerability allows attackers to exfiltrate authorization tokens and potentially execute remote code. The blast radius includes any organization using affected versions of GitHub Enterprise Server, which could face severe operational disruptions. Organizations should assess their exposure based on the CVSS score and prioritize patching in their immediate update cycles.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of GitHub Enterprise Server prior to 3.19 are affected by this vulnerability. Specific versions that have been patched include 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22.

Mitigation & Remediation

Organizations should prioritize patching their GitHub Enterprise Server installations to versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, or 3.14.22 to mitigate this vulnerability. If immediate patching is not feasible, organizations should consider implementing network controls to limit access to the vulnerable components and monitor for unusual activity.

Detection Guidance

Organizations should monitor log indicators for unauthorized redirect attempts and any unusual access patterns. Behavioral anomalies related to token access should be flagged for further investigation.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of secure handling of redirects in applications. Organizations should review their security policies and consider integrating penetration testing into their development lifecycle to identify similar weaknesses proactively.

Additionally, security teams should engage in continuous security assessments to ensure that their applications are resistant to vulnerabilities like CVE-2026-0573. For further insights into best practices, refer to our penetration testing methodology and the importance of regular updates.

Lastly, organizations should consider leveraging our application security assessment services to enhance their overall security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-0573: High Vulnerability in GitHub Enterprise Server