GitHub has released urgent security updates for vulnerabilities in GitHub Enterprise Server versions 3.16 to 3.20. Key issues addressed include:

1) Revocation of the release package signing key, requiring local GPG key rotation to avoid untrusted packages.
2) A severe server-side request forgery (SSRF) vulnerability (CVE-2026-9312) that could expose internal services.
3) Local privilege escalation vulnerabilities in the Linux kernel (CVE-2026-43284 and CVE-2026-43500) allowing root access.
4) A timing side-channel vulnerability (CVE-2026-8606) that leaks sensitive environment variables.

Applying these updates is critical for protecting organizational infrastructure against threats.