Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)
Wiz PoC. No publicly known exploits. Claimed they used AI to discover it. >any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git pushcommand - using nothing but a standard git client. >GitHub Enterprise Server customers should upgrade immediately - a
ORIGINAL SOURCE →via Reddit r/cybersecurity
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] OpenAI rolls out new model for cybersecurity teams a month after Anthropic's Mythos debut
- [CYBER] Dirty Frag: Unpatched Linux vulnerability delivers root access
- [CYBER] This Week in Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, and Backdoored Tools
- [CYBER] Major data breach impacts schools across US
- [CYBER] Anthropic's Mythos set off a cybersecurity 'hysteria.' Experts say the threat was already here
- [CYBER] 'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit