CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitHub security advisory (AV26-650)

unknown
Serial number: AV26-650 Date: July 3, 2026 On June 30, 2026, GitHub published security advisories to address vulnerabilities in the following products: GitHub Enterprise Server – versions 3.21.x prior to 3.21.2 GitHub Enterprise Server – versions 3.20.x prior to 3.20.4 GitHub Enterprise Server – versions 3.19.x prior to 3.19.8 GitHub Enterprise Server – versions 3.18.x prior to 3.18.11 GitHub Enterprise Server – versions 3.17.x prior to 3.17.17 GitHub has stated that future patches and releases will be signed with a new public key, and customers will need to rotate to the new key before those patches and releases can be installed. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Enterprise Server 3.21.2 Enterprise Server 3.20.4 Enterprise Server 3.19.8 Enterprise Server 3.18.11 Enterprise Server 3.17.17

CSIRTS triage

What
Multiple vulnerabilities have been identified that require updates to GitHub Enterprise Server.
Who is affected
Deployments of affected versions of GitHub Enterprise Server are at risk.
Urgency
Remediation is necessary to ensure future patches can be applied securely.
Action
Update to the specified versions of GitHub Enterprise Server.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitHub Enterprise Server

Get an email when a new GitHub Enterprise Server advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
unknown
Published
2026-07-03
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/github-security-advisory-av26-650

More from Canadian Centre for Cyber Security