Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

AndyC 29 April 2026

Ravie LakshmananApr 28, 2026Vulnerability / Software Security

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Ravie LakshmananApr 28, 2026Vulnerability / Software Security

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command.

The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve remote code execution on the instance.

“During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers,” per a GitHub advisory for the vulnerability. “Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values.”

Google-owned cloud security firm Wiz has been credited with discovering and reporting the issue on March 4, 2026, with GitHub validating and deploying a fix to GitHub.com within two hours.

The vulnerability has also been addressed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later. There is no evidence that the issue was ever exploited in a malicious context.

According to GitHub, the issue affects GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server.

At its core, the problem stems from the fact that user-supplied git push options are not adequately sanitized before the values were incorporated into the internal X-Stat header. Because the internal metadata format relies on a semicolon as a delimiter character that could also appear in the user input, a bad actor could exploit this oversight to inject arbitrary commands and have them executed.

“By chaining several injected values together, the researchers demonstrated that an attacker could override the environment the push was processed in, bypass sandboxing protections that normally constrain hook execution, and ultimately execute arbitrary commands on the server,” GitHub’s Chief Information Security Officer, Alexis Wales, said.

Wiz, in a coordinated announcement, noted that the issue is “remarkably easy” to exploit, adding that it allows remote code execution on shared storage nodes. About 88% of instances are currently vulnerable to the issue at the time of public disclosure. The remote code execution chain strings together three injections –

  • Inject a non-production rails_env value to bypass the sandbox
  • Inject custom_hooks_dir to control to redirectthe hook directory
  • Inject repo_pre_receive_hooks with a crafted hook entry that triggers path traversal to execute arbitrary commands as the git user

“With unsandboxed code execution as the git user, we had full control over the GHES instance, including filesystem read/write access and visibility into internal service configuration,” Wiz security researcher Sagi Tzadik said.

As for GitHub.com, an enterprise mode flag – that’s set to “true” for GitHub Enterprise Server – defaults to “false,” rendering the custom hooks path inactive. But since this flag is also passed in the X-Stat header, it’s equally injectable using the same mechanism, thereby resulting in code execution on GitHub.com as well.

To make matters worse, given GitHub’s multi-tenant architecture and its shared backend infrastructure, the company pointed out that obtaining code execution on GitHub.com enabled cross-tenant exposure, effectively allowing an attacker to read millions of repositories on the shared storage node, irrespective of the organization or user.

In light of the severity of CVE-2026-3854, users are advised to apply the update immediately for optimal protection.

“A single git push command was enough to exploit a flaw in GitHub’s internal protocol and achieve code execution on backend infrastructure,” Wiz said. “When multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a critical attack surface.”

“We encourage teams building multi-service architectures to audit how user-controlled input flows through internal protocols – especially where security-critical configuration is derived from shared data formats.”

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

What do you feel about this?

More Stories

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

AndyC 29 April 2026
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

AndyC 29 April 2026
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

AndyC 29 April 2026
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

AndyC 29 April 2026
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

AndyC 29 April 2026
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

AndyC 29 April 2026

You may have missed

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026
How bail bond scams are using AI to target families

How bail bond scams are using AI to target families

AndyC 29 April 2026
Open is Not Costless: Reclaiming Sustainable Infrastructure

Open is Not Costless: Reclaiming Sustainable Infrastructure

AndyC 29 April 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.