Tag: CVE-2026-3854

All articles tagged with #cve 2026 3854

GitHub patches sweeping RCE flaw that could expose millions of repos
security, 27 days ago

GitHub fixed CVE-2026-3854, a remote code execution flaw that could let attackers gain full read/write access to private repositories with a single crafted git push. Reported by Wiz in March 2026, GitHub reproduced the issue within 40 minutes and deployed a fix on GitHub.com within two hours, with patches issued for GitHub Enterprise Server across supported releases. The vulnerability affected GitHub.com and multiple GHES products; Wiz warned exploitation could have exposed most enterprises’ codebases. GitHub says no customer data was accessed and no exploitation was observed before the patch, though about 88% of reachable GHES instances were still vulnerable at disclosure, prompting administrators to upgrade promptly.

Single Git Push Suffices for GitHub Remote Code Execution (CVE-2026-3854)
technology, 28 days ago

Cybersecurity researchers disclosed a critical vulnerability, CVE-2026-3854, affecting GitHub.com and GitHub Enterprise Server that enables remote code execution via a single git push by injecting crafted push options into internal headers. GitHub patched the issue within two hours and released fixes for multiple GHES versions; at disclosure, about 88% of instances were vulnerable, with the risk including cross-tenant access on shared storage. No evidence of active exploitation was found; users are advised to update to the fixed releases immediately. The flaw highlights how unsanitized input in internal protocol data can create a major multi-service attack surface.