CVE-2026-9106 (GCVE-0-2026-9106)
Vulnerability from cvelistv5 – Published: 2026-06-30 20:21 – Updated: 2026-07-01 15:37
VLAI
Title
UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://docs.github.com/en/enterprise-server@3.17… | release-notes |
| https://docs.github.com/en/enterprise-server@3.18… | release-notes |
| https://docs.github.com/en/enterprise-server@3.19… | release-notes |
| https://docs.github.com/en/enterprise-server@3.20… | release-notes |
| https://docs.github.com/en/enterprise-server@3.21… | release-notes |
| https://docs.github.com/en/enterprise-server@3.16… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GitHub | Enterprise Server |
Affected:
3.17.0 , ≤ 3.17.16
(semver)
Affected: 3.18.0 , ≤ 3.18.10 (semver) Affected: 3.19.0 , ≤ 3.19.7 (semver) Affected: 3.20.0 , ≤ 3.20.3 (semver) Affected: 3.21.0 , ≤ 3.21.1 (semver) Affected: 3.16.0 , ≤ 3.16.19 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T15:37:19.373936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T15:37:28.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.17.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.17.16",
"status": "affected",
"version": "3.17.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.18.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.18.10",
"status": "affected",
"version": "3.18.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.19.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.19.7",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.20.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.20.3",
"status": "affected",
"version": "3.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.21.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.21.1",
"status": "affected",
"version": "3.21.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.16.20",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.16.19",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "VAIBHAV SINGH (@vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the \u003ccode\u003emanage_runners:org\u003c/code\u003e scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-173",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-173 Action Spoofing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:03:08.700Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2026-9106",
"datePublished": "2026-06-30T20:21:12.484Z",
"dateReserved": "2026-05-20T17:12:51.109Z",
"dateUpdated": "2026-07-01T15:37:28.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-9106",
"date": "2026-07-01",
"epss": "0.00293",
"percentile": "0.21047"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-9106\",\"sourceIdentifier\":\"product-cna@github.com\",\"published\":\"2026-06-30T21:16:30.803\",\"lastModified\":\"2026-07-01T19:57:18.920\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\"}],\"affected\":[{\"source\":\"product-cna@github.com\",\"affectedData\":[{\"vendor\":\"GitHub\",\"product\":\"Enterprise Server\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"3.17.0\",\"lessThanOrEqual\":\"3.17.16\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.17.17\",\"status\":\"unaffected\"}]},{\"version\":\"3.18.0\",\"lessThanOrEqual\":\"3.18.10\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.18.11\",\"status\":\"unaffected\"}]},{\"version\":\"3.19.0\",\"lessThanOrEqual\":\"3.19.7\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.19.8\",\"status\":\"unaffected\"}]},{\"version\":\"3.20.0\",\"lessThanOrEqual\":\"3.20.3\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.20.4\",\"status\":\"unaffected\"}]},{\"version\":\"3.21.0\",\"lessThanOrEqual\":\"3.21.1\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.21.2\",\"status\":\"unaffected\"}]},{\"version\":\"3.16.0\",\"lessThanOrEqual\":\"3.16.19\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.16.20\",\"status\":\"unaffected\"}]}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-01T15:37:19.373936Z\",\"id\":\"CVE-2026-9106\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]}],\"references\":[{\"url\":\"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2\",\"source\":\"product-cna@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9106\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-01T15:37:19.373936Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-01T15:37:23.482Z\"}}], \"cna\": {\"title\": \"UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"VAIBHAV SINGH (@vaib25vicky)\"}], \"impacts\": [{\"capecId\": \"CAPEC-173\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-173 Action Spoofing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 4.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GitHub\", \"product\": \"Enterprise Server\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"3.17.17\", \"status\": \"unaffected\"}], \"version\": \"3.17.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.17.16\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.18.11\", \"status\": \"unaffected\"}], \"version\": \"3.18.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.18.10\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.19.8\", \"status\": \"unaffected\"}], \"version\": \"3.19.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.19.7\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.20.4\", \"status\": \"unaffected\"}], \"version\": \"3.20.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.20.3\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.21.2\", \"status\": \"unaffected\"}], \"version\": \"3.21.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.21.1\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.16.20\", \"status\": \"unaffected\"}], \"version\": \"3.16.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.16.19\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the \u003ccode\u003emanage_runners:org\u003c/code\u003e scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-451\", \"description\": \"CWE-451: User Interface (UI) Misrepresentation of Critical Information\"}]}], \"providerMetadata\": {\"orgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"shortName\": \"GitHub_P\", \"dateUpdated\": \"2026-07-01T13:03:08.700Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-9106\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-01T15:37:28.521Z\", \"dateReserved\": \"2026-05-20T17:12:51.109Z\", \"assignerOrgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"datePublished\": \"2026-06-30T20:21:12.484Z\", \"assignerShortName\": \"GitHub_P\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…