CVE-2026-8606 is an SSRF vulnerability in GitHub Enterprise Server that allows manipulation of server-side HTTP requests when the GitHub Packages feature is enabled, potentially exposing signing secrets and private keys stored as environment variables. EPSS sits at the 22nd percentile and no active exploitation has been confirmed. Specific affected versions and official patch release have not been confirmed in available source data; monitor GitHub Security Advisories for authoritative version scope and remediation guidance.