GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories.
The flaw was reported on March 4, 2026, by researchers at cybersecurity firm Wiz through GitHub's bug bounty program. GitHub Chief Information Security Officer Alexis Wales said the company's security team reproduced and confirmed the vulnerability within 40 minutes and deployed a fix to GitHub.com less than two hours after receiving the report.
Related breach coverage
- Critical GitHub Vulnerability Exposed Millions of Repositories (2026-04-29)
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. The post Critical GitHub Vulnerability Exposed Millions of Repositories appeared first on SecurityWeek.
- CVE-2026-3854 GitHub flaw enables remote code execution (2026-04-28)
Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise […]
- Critical bug in CrowdStrike LogScale let attackers access files (2026-04-26)
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. “CrowdStrike has released security updates […]
- All supported cPanel versions hit by critical auth bug, now patched (2026-04-29)
cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers. cPanel is a […]
