Critical GitHub Vulnerability Exposed Millions of Repositories
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.
Researchers at cloud security giant Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
The vulnerability, tracked as CVE-2026-3854, affected the code-hosting platform’s internal Git infrastructure. It impacted both GitHub Enterprise Server and GitHub.com.
“By exploiting an injection flaw in GitHub’s internal protocol, any authenticated user could execute arbitrary commands on GitHub’s backend servers with a single git push command – using nothing but a standard git client,” Wiz explained.
Source: https://www.securityweek.com/critical-github-vulnerability-exposed-millions-of-repositories/
Related breach coverage
- GitHub fixes RCE flaw that gave access to millions of private repos (2026-04-29)
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. [...]
- CVE-2026-3854 GitHub flaw enables remote code execution (2026-04-28)
Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise […]
- Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks (2026-04-30)
An attacker could have planted a malicious configuration to execute commands outside the sandbox.
- EnOcean SmartServer Flaws Expose Buildings to Remote Hacking (2026-04-30)
Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution.
