CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
Hosted on MSN
GitHub fixes critical flaw in private repositories
Critical flaw patched: GitHub addressed a remote code execution bug that could be exploited by anyone with push access to private repositories. High risk exposure: The vulnerability threatened ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results