Dossier
command injection
Coverage of command injection in the Nexus archive.
- Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.
- SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability, CVE-2026-5760, in SGLang allows remote code execution via malicious GGUF model files. The flaw, with a CVSS score of 9.8, stems from command injection and affects the high-performance open-source serving framework.