CVE-2026-1999 Overview
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allows an attacker to merge their own pull request into a repository without having push access. The vulnerability exploits an authorization bypass in the enable_auto_merge GraphQL mutation for pull requests. This issue specifically affects repositories that allow forking, as the attack relies on opening a pull request from an attacker-controlled fork into the target repository.
Critical Impact
Attackers without push access can merge unauthorized code changes into protected repositories by bypassing authorization checks in the auto-merge functionality, potentially introducing malicious code into production codebases.
Affected Products
- GitHub Enterprise Server versions prior to 3.19.2
- GitHub Enterprise Server versions prior to 3.18.5
- GitHub Enterprise Server versions prior to 3.17.11
Discovery Timeline
- 2026-02-18 - CVE CVE-2026-1999 published to NVD
- 2026-02-19 - Last updated in NVD database
Technical Details for CVE-2026-1999
Vulnerability Analysis
This authorization bypass vulnerability (CWE-863: Incorrect Authorization) exists in the GraphQL API layer of GitHub Enterprise Server. The enable_auto_merge mutation fails to properly validate whether the authenticated user has the necessary push permissions before enabling auto-merge functionality on a pull request.
The vulnerability requires specific conditions for successful exploitation: the target repository must allow forking, the pull request must have a clean status (passing all required checks), and the target branch must not have branch protection rules enabled. These constraints limit the attack surface but do not eliminate the risk of unauthorized code merging in misconfigured repositories.
The attack flow involves an attacker forking a vulnerable repository, creating a malicious branch with code changes, opening a pull request from their fork to the target repository, and then invoking the enable_auto_merge mutation despite lacking push access. Once all status checks pass, the auto-merge proceeds without proper authorization validation.
Root Cause
The root cause lies in incomplete authorization checks within the enable_auto_merge GraphQL mutation handler. The mutation verifies that the user can create a pull request but fails to validate push access permissions before enabling the auto-merge feature. This creates a privilege escalation path where read-only contributors can effectively gain write access through the auto-merge mechanism.
Attack Vector
The attack is network-based and requires low-privilege authenticated access. An attacker must have a valid GitHub Enterprise Server account with at least read access to fork the target repository. The attack exploits the GraphQL API endpoint by sending a crafted mutation request.
The exploitation mechanism involves the attacker creating a fork, pushing malicious commits to their fork, opening a pull request to the target repository, and then calling the enable_auto_merge mutation. The server processes this request without validating that the requester has push permissions to the target branch, allowing unauthorized merges when the pull request meets all other merge requirements.
Detection Methods for CVE-2026-1999
Indicators of Compromise
- Unexpected pull request merges in repositories where the merging user lacks write permissions
- GraphQL audit log entries showing enable_auto_merge mutations from users with only read access
- Pull requests originating from forks that were merged without explicit approval from repository maintainers
- Unusual patterns of auto-merge enablement followed by immediate merge completion
Detection Strategies
- Monitor GitHub Enterprise Server audit logs for enable_auto_merge GraphQL mutation calls and correlate with user permission levels
- Implement alerts for pull request merges where the actor's permission level is below write access
- Review merged pull requests from forked repositories for signs of unauthorized access
- Query the GraphQL API audit trail for anomalous mutation patterns
Monitoring Recommendations
- Enable verbose audit logging for all GraphQL API mutations in GitHub Enterprise Server
- Configure SIEM integration to detect authorization-related anomalies in repository activities
- Implement periodic access reviews comparing merged pull requests against contributor permissions
- Set up real-time alerting for any auto-merge events on critical repositories
How to Mitigate CVE-2026-1999
Immediate Actions Required
- Upgrade GitHub Enterprise Server to patched versions 3.19.2, 3.18.5, or 3.17.11 immediately
- Audit recent pull request merges from forked repositories for potential unauthorized changes
- Enable branch protection rules on all critical branches to add an additional authorization layer
- Consider temporarily disabling auto-merge functionality until the patch is applied
Patch Information
GitHub has released security patches addressing this vulnerability in the following versions:
This vulnerability was reported via the GitHub Bug Bounty program. Organizations should prioritize upgrading to the patched versions to eliminate the authorization bypass risk.
Workarounds
- Enable branch protection rules on all branches to require additional authorization checks before merging
- Disable the auto-merge feature at the organization or repository level until patching is complete
- Restrict forking permissions on sensitive repositories to limit the attack surface
- Implement mandatory pull request reviews from users with write access as an additional control layer
# Configuration example
# Disable auto-merge at the organization level via GitHub CLI
gh api -X PATCH /orgs/{org}/settings \
-f auto_merge_allowed=false
# Enable branch protection on default branch
gh api -X PUT /repos/{owner}/{repo}/branches/main/protection \
-f required_pull_request_reviews.required_approving_review_count=1 \
-f required_pull_request_reviews.dismiss_stale_reviews=true \
-f enforce_admins=true
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
