diff --git a/CHANGELOG.md b/CHANGELOG.md
index c1702cec960..f4a4da1f575 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - Trivy: use `misconfig` instead of the deprecated `config` scanner, updating the default arguments
   - Update calls to sfdx-scanner to output a CSV file for Aura & LWC
   - Kics: fixed error count in the summary table
+  - Fix issue with EXTENDS using private repository by sending GITHUB_TOKEN as HTTP auth header
   - Fix SPELL_VALE_CONFIG_FILE not working (handle the override of linter CONFIG_FILE if the linter is activated only if some files are found)
 
 - Doc
diff --git a/megalinter/config.py b/megalinter/config.py
index e296759017c..c4e0c86104b 100644
--- a/megalinter/config.py
+++ b/megalinter/config.py
@@ -109,7 +109,14 @@ def combine_config(workspace, config, combined_config, config_source):
         extends = extends.split(",")
     for extends_item in extends:
         if extends_item.startswith("http"):
-            r = requests.get(extends_item, allow_redirects=True)
+            headers = {}
+            if (
+                extends_item.startswith("https://raw.githubusercontent.com")
+                and "GITHUB_TOKEN" in os.environ
+            ):
+                github_token = os.environ["GITHUB_TOKEN"]
+                headers["Authorization"] = f"token {github_token}"
+            r = requests.get(extends_item, allow_redirects=True, headers=headers)
             assert (
                 r.status_code == 200
             ), f"Unable to retrieve EXTENDS config file {extends_item}"