Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Published: 19 hours ago (April 28, 2026 at 02:19 PM EDT)

1 min read

Source: The Hacker News

Details

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single git push command.

The flaw, tracked as CVE‑2026‑3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve remote code execution.

Back to Blog

GitHub rushed to fix a critical vulnerability in less than six hours

Incident Overview GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI models to uncov...

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open‑source robotics platform with nearly 24,000...

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Overview Microsoft on Monday revised its advisory for a now‑patched, high‑severity security flaw impacting Windows Shell to acknowledge that it has been active...

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cyber‑criminal group published data relate...

Details

Related posts

GitHub rushed to fix a critical vulnerability in less than six hours

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack