Researchers Find Critical GitHub CVE-2026-3854 RCE Flaw Exploitable with Single Git Push

Ravie Lakshmanan, April 28, 2026. Vulnerability / Software Security

Cybersecurity researchers have disclosed details of a critical security vulnerability affecting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to achieve remote code execution with a single "git push" command.

The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a command injection vulnerability that could allow an attacker with push access to a repository to execute arbitrary code on the instance.

“During git push operations, user-supplied option values were not properly sanitized before being included in internal service headers,” according to GitHub’s vulnerability advisory. “Because the internal header format used a delimiter character that may appear in user input, an attacker could inject additional metadata fields with crafted push option values.”

Google-owned cloud security company Wiz is credited with discovering and reporting the issue on March 4, 2026. GitHub confirmed the report and deployed a fix on GitHub.com within two hours.

The vulnerability was also addressed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, and later. There is no evidence that the vulnerability was ever exploited maliciously.

According to GitHub, the issue affects GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise managed users, and GitHub Enterprise Server.

At its core, the problem stems from the fact that user-supplied git push options were not sufficiently sanitized before their values were written into the internal X-Stat header. Because the internal metadata format relies on semicolons as a delimiter, and a semicolon can legitimately appear in user input, a malicious actor could exploit this oversight to inject additional metadata fields and ultimately execute arbitrary commands.

“By combining several injected values together, researchers have shown that an attacker can bypass the processing environment, bypass the sandboxing defenses that normally suppress hook execution, and ultimately issue arbitrary commands to the server,” said GitHub’s Chief Security Officer, Alexis Wales.

Wiz, in a coordinated announcement, noted that the bug is “remarkably easy” to exploit, adding that it allows for remote code execution on the shared backend. About 88% of instances were still exposed at the time of public disclosure. The remote code execution chain consists of three injections:

  • Inject a non-production rails_env value to bypass the sandbox
  • Inject custom_hooks_dir to redirect the hook directory to a location the attacker controls
  • Inject repo_pre_receive_hook to point at a fake hook that executes arbitrary commands as the git user
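The root cause described above (a user-controlled value concatenated into a semicolon-delimited internal header, so that a single value can smuggle in extra fields such as rails_env) is a generic metadata-injection bug class. The following is an added illustration, not GitHub's or Wiz's code and not GitHub's real X-Stat format: it models a hypothetical `key=value;key=value` header, shows how a naive serializer lets one push option override a trusted field when parsed downstream, and shows two defender-side fixes, escaping delimiters on the way into the header and rejecting delimiter characters at the input boundary. The field names, the `development` value and the push option string are constructed for the demo.

```python
"""Added illustration of the delimiter-injection class discussed on this page.

Not GitHub's code. The header layout below ('k=v;k=v') is an assumption
standing in for the semicolon-delimited internal header the article describes.
"""
from urllib.parse import quote, unquote

FIELD_SEP = ";"  # assumed field delimiter, as the article describes
KV_SEP = "="

# Constructed trusted metadata that the front-end service would set itself.
TRUSTED = {"repo": "org/project", "rails_env": "production", "enterprise_mode": "false"}

# Constructed attacker-controlled push option (what `git push -o <value>` carries).
# It contains the delimiter, so a naive serializer emits a second rails_env field.
MALICIOUS_OPTION = "ci.skip;rails_env=development"

# Characters that must never reach the header unescaped: the field delimiter
# plus ASCII control characters (CR/LF would also break header framing).
FORBIDDEN = {FIELD_SEP} | {chr(c) for c in range(32)} | {"\x7f"}


def parse_header(header: str) -> dict:
    """Downstream parser: split 'k=v;k=v' into a dict.

    Later duplicates override earlier ones, which is exactly how an injected
    field clobbers a trusted one. Values are percent-decoded so the safe
    serializer below round-trips.
    """
    fields = {}
    for part in header.split(FIELD_SEP):
        if not part:
            continue
        key, _, value = part.partition(KV_SEP)
        fields[key] = unquote(value)
    return fields


def build_header_vulnerable(trusted: dict, push_options: list) -> str:
    """The bug class: user-supplied values are concatenated verbatim."""
    items = dict(trusted)
    items["push_options"] = ",".join(push_options)
    return FIELD_SEP.join(f"{k}{KV_SEP}{v}" for k, v in items.items())


def build_header_safe(trusted: dict, push_options: list) -> str:
    """Fix 1: percent-encode every value so ';' and '=' cannot act as syntax.

    quote(safe='') escapes all reserved characters, including ';', '=' and ','.
    """
    items = dict(trusted)
    items["push_options"] = ",".join(push_options)
    return FIELD_SEP.join(f"{k}{KV_SEP}{quote(str(v), safe='')}" for k, v in items.items())


def validate_push_option(opt: str) -> str:
    """Fix 2 (defense in depth): reject delimiter and control characters at the
    boundary where the push option enters the system, independent of encoding."""
    if any(ch in FORBIDDEN for ch in opt):
        raise ValueError("push option contains a header delimiter or control character")
    return opt


def demo() -> tuple:
    """Return the parsed metadata for the vulnerable and hardened serializers."""
    vulnerable = parse_header(build_header_vulnerable(TRUSTED, [MALICIOUS_OPTION]))
    hardened = parse_header(build_header_safe(TRUSTED, [MALICIOUS_OPTION]))
    return vulnerable, hardened


if __name__ == "__main__":
    vuln, safe = demo()
    print("vulnerable rails_env:", vuln["rails_env"])   # attacker-controlled
    print("hardened   rails_env:", safe["rails_env"])   # still 'production'
    print("hardened   push_options:", safe["push_options"])  # whole option kept as data
```

In the vulnerable path the parser sees two `rails_env` fields and the attacker's second one wins; in the hardened path the entire push option survives as a single opaque value. The second fix matters because encoding is easy to forget in one of several services that share a protocol, which is the multi-language, multi-service pitfall Wiz points to later in the article.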

“By using bare code as a git user, we had full control over the GHES instance, including read/write access to the file system and visibility into the internal service configuration,” said Wiz security researcher Sagi Tzadik.

On GitHub.com, the enterprise-mode flag, which is set to “true” on GitHub Enterprise Server, defaults to “false,” which disables the custom hooks code path. But because this flag is also carried in the X-Stat header, it can be injected using the same technique, so the exploit works against GitHub.com as well.

To make matters worse, given GitHub’s multi-tenant architecture and shared backend infrastructure, the company revealed that achieving code execution on GitHub.com results in cross-tenant exposure, effectively allowing an attacker to read millions of repositories on shared storage, regardless of the organization or user that owns them.

Due to the severity of CVE-2026-3854, GitHub Enterprise Server users are advised to apply the update immediately.

“A single git push command was enough to exploit a bug in GitHub’s internal protocol and execute code execution on the backend infrastructure,” Wiz said. “When multiple services written in different languages transfer data over a shared internal protocol, the assumptions each service makes about that data become a critical attack surface.”

“We encourage teams building multi-service architectures to explore how user-controlled inputs flow through internal protocols – especially when security-critical settings are available in shared data formats.”
