Skip to content
The Nexus
SECURITYApr 28 · 18:19 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this