VMTech

Critical CVE-2026-3854 in GitHub: RCE via git push

Colleagues, a critical vulnerability (CVE-2026-3854) in GitHub enables RCE through a single git push.

- Discovered by Wiz; GitHub patched github.com within two hours.
- Cause: improper sanitization of push options. X-Stat treated ';' as a separator, which allowed injection and sandbox escape.
- Impact: github.com and GitHub Enterprise Server (GHES). Patches have been released for multiple GHES versions, so update your servers.

Recommendation: install updates immediately and audit internal protocols for injection.
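
What an audit for this class of bug looks for, shown as an added example that is not GitHub's code or part of the original post: a constructed ';'-separated key=value header, built with and without escaping of a user-controlled value. The field names `sandbox` and `push_option` are hypothetical and do not describe the real X-Stat format.

```python
# Added illustration of delimiter injection in a ';'-separated internal header.
# Header layout and field names are constructed, not GitHub's actual format.
from urllib.parse import quote, unquote


def build_naive(fields):
    """Vulnerable pattern: values are joined with no escaping."""
    return ";".join(f"{k}={v}" for k, v in fields.items())


def build_safe(fields):
    """Percent-encode each value so ';' and '=' in user input cannot end a field."""
    return ";".join(f"{k}={quote(str(v), safe='')}" for k, v in fields.items())


def parse_last_wins(header):
    """Lenient parser: a repeated key silently overwrites the earlier one."""
    out = {}
    for part in header.split(";"):
        key, _, value = part.partition("=")
        out[key] = value
    return out


def parse_strict(header):
    """Strict parser: rejects malformed or duplicate fields, then decodes values."""
    out = {}
    for part in header.split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key or key in out:
            raise ValueError(f"malformed or duplicate field: {part!r}")
        out[key] = unquote(value)
    return out


# Constructed input: a user-controlled option value that carries the separator.
USER_OPTION = "ci-skip;sandbox=off"


def demo():
    """Return (naive_result, safe_result) for the same trusted and untrusted fields."""
    fields = {"sandbox": "on", "push_option": USER_OPTION}
    naive = parse_last_wins(build_naive(fields))
    safe = parse_strict(build_safe(fields))
    return naive, safe
```

With the naive pair the user-supplied value overwrites the trusted `sandbox` field; with encoding plus strict parsing the value round-trips as data and a header carrying a duplicate key is rejected.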

Why it matters: in multi-tenant architectures, RCE can grant access to data across many repositories.

How will you validate instances?

#cybersecurity #GitHub #RCE #infosec
