The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...

GitHub and GitHub Enterprise Server: Code smuggling via push

In GitHub and GitHub Enterprise Server, attackers with push rights to repositories can inject malicious code. Updates fix ...