SailPoint — GitHub repository breach via third-party app vulnerability
Identity-governance vendor SailPoint disclosed unauthorised access to a subset of its GitHub repositories via a vulnerability in a third-party application; the investigation found no evidence that customer data was accessed.
- Target: SailPoint — GitHub repository breach via third-party app vulnerability
- Date public: 8 May 2026
- Sector: Technology
- Attack type: Supply Chain
- Threat actor: Unattributed
- Severity: Medium
- Region: Global (US-headquartered)
SailPoint (NASDAQ: SAIL) filed a Form 8-K with the SEC on 8 May 2026 disclosing that it had detected, on 20 April 2026, unauthorised access to a subset of its GitHub repositories. The disclosure was signed by EVP, General Counsel and Secretary Chris Schmitt. The 8-K identifies the root cause as a vulnerability in a third-party application, since remediated, that the attackers exploited to reach the repositories.
SailPoint engaged a third-party cybersecurity response firm and says its incident-response team terminated the unauthorised activity and resolved the issue. Per the filing, the investigation found no evidence that customer data in production or staging environments was accessed, and no evidence of service interruption. SailPoint has directly notified the customers whose information appeared in the affected repositories and informed its wider customer base that no further action is required at this time. The 8-K classifies the incident as not material to financial statements.
The intrusion has the same shape as several recent OAuth- and developer-tooling-pivot breaches catalogued here, most notably the Vercel Context.ai chain and the wider Bitwarden CLI / Checkmarx npm supply-chain campaign: a trust grant to a third-party application provides the foothold into a developer-platform code repository. One caveat: the 8-K does not name the application or say how it was connected to GitHub (a GitHub App installation, an OAuth app authorisation, or something else), so the pattern match is inference from the shape of the incident, not from the filing. The practical point for anyone running a GitHub organisation holds either way: every installed app with contents access is a path to source that is not gated by the members' own MFA or SSO, and that inventory deserves the same review as the member list. As an identity-governance vendor whose products sit at the heart of many enterprise authentication estates, SailPoint's disclosure transparency is itself the noteworthy thing here.
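The check that follows is an added example written for this entry, not SailPoint's code and not derived from the filing. It triages the list of GitHub App installations in an organisation, the trust grants that give third-party software direct access to repositories, and ranks those whose permissions expose source. The input is a constructed sample modelled on the field names of GitHub's `GET /orgs/{org}/installations` response (the slugs, ids and permission sets are invented); the set of permissions treated as source-exposing is this example's own judgement, not a GitHub definition. User-authorised OAuth apps are a separate list in the organisation's third-party access settings and are not covered here.

```python
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample. The keys mirror GitHub's GET /orgs/{org}/installations
# response; every value (app slugs, ids, timestamps) is invented for illustration.
SAMPLE_INSTALLATIONS = json.dumps({
    "total_count": 3,
    "installations": [
        {
            "id": 1001, "app_slug": "ci-runner-bot", "app_id": 51,
            "repository_selection": "selected",
            "permissions": {"checks": "write", "contents": "read", "metadata": "read"},
            "suspended_at": None,
        },
        {
            "id": 1002, "app_slug": "code-review-assistant", "app_id": 52,
            "repository_selection": "all",
            "permissions": {"contents": "write", "pull_requests": "write", "metadata": "read"},
            "suspended_at": None,
        },
        {
            "id": 1003, "app_slug": "legacy-deploy-hook", "app_id": 53,
            "repository_selection": "all",
            "permissions": {"administration": "write", "contents": "read", "metadata": "read"},
            "suspended_at": "2025-11-02T10:00:00Z",
        },
    ],
})

# Permissions that let a compromised app read or alter source, CI definitions
# or secrets. This grouping is the example's own choice (an assumption).
SOURCE_EXPOSING = {"contents", "administration", "secrets", "actions", "workflows"}


@dataclass(frozen=True)
class Finding:
    app_slug: str
    installation_id: int
    permission: str
    level: str
    all_repos: bool
    priority: int  # 0 = write on every repo, 1 = write or org-wide read, 2 = scoped read


def _priority(level: str, all_repos: bool) -> int:
    if level == "write" and all_repos:
        return 0
    if level == "write" or all_repos:
        return 1
    return 2


def triage_installations(payload: str) -> list[Finding]:
    """Return source-exposing app installations, highest risk first.

    Suspended installations are skipped: GitHub will not mint tokens for them,
    so they cannot be used as a foothold until re-enabled (still worth removing).
    Read access to contents is flagged as well as write, because a read of
    private repositories is exactly the impact described in the SailPoint 8-K.
    """
    data = json.loads(payload)
    findings: list[Finding] = []
    for inst in data.get("installations", []):
        if inst.get("suspended_at"):
            continue
        all_repos = inst.get("repository_selection") == "all"
        for perm, level in sorted(inst.get("permissions", {}).items()):
            if perm not in SOURCE_EXPOSING:
                continue
            if level != "write" and perm != "contents":
                continue  # read on non-contents permissions is not a source path
            findings.append(Finding(
                app_slug=inst["app_slug"], installation_id=inst["id"],
                permission=perm, level=level, all_repos=all_repos,
                priority=_priority(level, all_repos),
            ))
    return sorted(findings, key=lambda f: (f.priority, f.app_slug, f.permission))


if __name__ == "__main__":
    for f in triage_installations(SAMPLE_INSTALLATIONS):
        scope = "all repos" if f.all_repos else "selected repos"
        print(f"P{f.priority} {f.app_slug} (install {f.installation_id}): "
              f"{f.permission}:{f.level} on {scope}")
```

In practice the payload comes from `gh api /orgs/ORG/installations --paginate` run by an organisation owner; feed its output to `triage_installations` and treat every P0 as an app whose compromise is equivalent to a full read/write of the organisation's source.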
A deep-dive will follow once the third-party application is named publicly, the access chain into the GitHub organisation is documented, and any post-incident detail on what the affected repositories actually contained is released.