CVE-2026-3854
Coverage of CVE-2026-3854 in the Nexus archive.
- GitHub fixes RCE flaw that gave access to millions of private repos
GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) in early March that could have allowed attackers to access millions of private repositories. The flaw, if exploited, would have exposed sensitive code and data stored in private GitHub projects.
- Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.
- GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
A critical Remote Code Execution (RCE) vulnerability, CVE-2026-3854, was disclosed in GitHub, allowing attackers to execute arbitrary code. The flaw, detailed in a Wiz.io blog post, has sparked discussion on Hacker News with 11 comments and 23 upvotes.