GitHub Patched Critical `git push` RCE Affecting Cloud and Enterprise Server
GitHub disclosed and patched CVE-2026-3854, a critical command-injection flaw in its git push pipeline that allowed an authenticated user with repository push access to trigger remote code execution using a single crafted push. Wiz reported the bug on March 4, and GitHub said it reproduced the issue within about 40 minutes and deployed a fix to GitHub.com within roughly two hours, later publishing patches for supported GitHub Enterprise Server releases including 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3. The vulnerability stemmed from unsanitized user-supplied push option values being inserted into internal X-Stat headers, enabling attackers to inject trusted metadata, bypass sandboxing, and execute commands as the git service user.
Researchers said the flaw could have led to full server compromise on GitHub Enterprise Server and, on GitHub.com, code execution on shared storage infrastructure where millions of repositories were accessible to the git service account, creating potential cross-tenant exposure. GitHub said forensic analysis and telemetry found no evidence of malicious exploitation and no indication that customer data was accessed, modified, or exfiltrated, but urged Enterprise Server administrators to upgrade immediately and review logs for suspicious push activity. Wiz described the bug as easy to exploit and highlighted its use of AI-assisted reverse engineering tools, including IDA MCP, to uncover the issue in GitHub’s closed-source components.
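The injection pattern described above, as an added illustration that is not GitHub's code and not Wiz's proof of concept: a server-side handler copies `git push -o` option values verbatim into an internal header-style metadata line, so a value carrying CRLF adds a second line that a downstream consumer reads as a trusted field; the hardened version allowlists option names and restricts values to a conservative alphabet. The header name, its layout, the option keys and the sample environment are hypothetical; the one grounded detail is that Git delivers push options to server-side hooks as the environment variables `GIT_PUSH_OPTION_COUNT` and `GIT_PUSH_OPTION_<n>`.

```ruby
# Added example, not GitHub's code: how an unvalidated `git push -o` option
# value can smuggle extra fields into an internal header-style metadata line,
# and a strict validator that refuses such values.
#
# Git passes push options to server-side hooks as environment variables
# GIT_PUSH_OPTION_COUNT and GIT_PUSH_OPTION_0..n. The header name, layout and
# option keys below are hypothetical; the real X-Stat format is not public.

HEADER = "X-Stat".freeze
ALLOWED_KEYS = %w[ci.skip ci.variable].freeze
MAX_VALUE_LEN = 256

class InvalidPushOption < StandardError; end

def push_options_from_env(env)
  count = Integer(env.fetch("GIT_PUSH_OPTION_COUNT", "0"))
  Array.new(count) { |i| env.fetch("GIT_PUSH_OPTION_#{i}") }
end

# Vulnerable pattern: option values are copied into the header verbatim.
def build_stat_header_unsafe(options)
  "#{HEADER}: #{options.join('; ')}"
end

# A naive downstream consumer: CRLF separates header lines, "; " separates
# fields. Returns [[name, {field => value}], ...] in order of appearance.
def parse_headers(raw)
  raw.split("\r\n").map do |line|
    name, rest = line.split(": ", 2)
    fields = rest.to_s.split("; ").to_h { |kv| kv.split("=", 2) }
    [name, fields]
  end
end

# Hardened pattern: allowlisted keys, a value alphabet that excludes CR, LF,
# ';' and '=', and a length cap. Reject bad input rather than stripping it.
def validate_push_option(opt)
  key, value = opt.split("=", 2)
  raise InvalidPushOption, "unknown option #{key.inspect}" unless ALLOWED_KEYS.include?(key)
  raise InvalidPushOption, "missing value for #{key}" if value.nil? || value.empty?
  raise InvalidPushOption, "value too long for #{key}" if value.length > MAX_VALUE_LEN
  unless value.match?(/\A[A-Za-z0-9._\/-]+\z/)
    raise InvalidPushOption, "illegal character in value for #{key}"
  end
  [key, value]
end

def build_stat_header_safe(options)
  pairs = options.map { |o| validate_push_option(o) }
  "#{HEADER}: #{pairs.map { |k, v| "#{k}=#{v}" }.join('; ')}"
end

# Constructed input: one push option whose value embeds CRLF followed by a
# forged second header line that claims trusted status.
MALICIOUS_ENV = {
  "GIT_PUSH_OPTION_COUNT" => "1",
  "GIT_PUSH_OPTION_0"     => "ci.skip=true\r\n#{HEADER}: trusted=1; sandbox=off",
}.freeze

if $PROGRAM_NAME == __FILE__
  opts = push_options_from_env(MALICIOUS_ENV)
  p parse_headers(build_stat_header_unsafe(opts))
  # => [["X-Stat", {"ci.skip"=>"true"}], ["X-Stat", {"trusted"=>"1", "sandbox"=>"off"}]]
  begin
    build_stat_header_safe(opts)
  rescue InvalidPushOption => e
    puts "rejected: #{e.message}"
  end
end
```

The unsafe path turns one user-controlled value into two header lines, the second of which the consumer cannot distinguish from server-generated metadata. The safe path refuses the value outright; stripping the control characters instead would leave the attacker free to probe for whatever separator the consumer actually honours.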
Timeline
Apr 28, 2026
Wiz publishes technical details for GitHub CVE-2026-3854
Wiz published its research on CVE-2026-3854, explaining how unsanitized git push options were copied into internal X-Stat headers and enabled remote code execution. The disclosure described impact on GitHub.com shared storage nodes and potential full compromise of GitHub Enterprise Server.
Apr 28, 2026
GitHub publicly discloses CVE-2026-3854 and releases GHES patches
GitHub publicly disclosed CVE-2026-3854, a critical git push pipeline command injection issue affecting GitHub.com and GitHub Enterprise Server. It released patched GHES versions across supported release lines and advised administrators to upgrade immediately.
Apr 28, 2026
ZDI publishes OpenAI Codex sandbox escape as a 0-day advisory
ZDI publicly disclosed the OpenAI Codex sandbox escape as advisory ZDI-26-305, describing insufficient isolation in the JavaScript execution environment. ZDI said OpenAI had reproduced the behavior but considered it out of scope for its bug bounty program and not part of Codex's default product surface.
Apr 28, 2026
Xen publishes XSA-489 covering five validated XAPI RBAC flaws
Xen.org released Xen Security Advisory 489 for five RBAC-related XAPI vulnerabilities: CVE-2026-23559, CVE-2026-23560, CVE-2026-23561, CVE-2026-23562, and CVE-2026-42486. The advisory said the XAPI team validated 5 real vulnerabilities out of the 89 public claims and recommended disabling lower-privileged RBAC roles until fixes are applied.
Apr 24, 2026
Researcher publicly discloses 89 XAPI vulnerabilities
A researcher published an independent audit disclosing 89 claimed exploitable vulnerabilities in XAPI used by Citrix XenServer/Hypervisor and XCP-ng. The disclosure said the issues stemmed from architectural failures in unvalidated Map(String,String) fields and included extensive proof-of-concept and detection materials.
Mar 4, 2026
GitHub reproduces and fixes GitHub.com CVE-2026-3854 within hours
After receiving Wiz's report, GitHub reproduced the issue within about 40 minutes, identified the root cause the same day, and deployed a fix to GitHub.com in under two hours. GitHub later said forensic analysis found no evidence of exploitation or customer data compromise.
Mar 4, 2026
Wiz reports critical GitHub git push RCE to GitHub
Wiz reported a command injection vulnerability later assigned CVE-2026-3854 to GitHub through the bug bounty program. The flaw allowed an authenticated user with push access to achieve remote code execution via crafted git push options.
Feb 24, 2026
ZDI reports OpenAI Codex sandbox escape to OpenAI
Trend Micro's Zero Day Initiative reported a Codex sandbox escape vulnerability, later tracked as ZDI-26-305 / ZDI-CAN-29475, to OpenAI. The flaw allowed code execution as the current user when processing a repository containing malicious JavaScript.
Sep 25, 2024
Citrix releases XenServer and Hypervisor fixes for September 2024 flaws
Citrix issued a September 2024 security update for XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR addressing CVE-2024-45817 and net-snmp flaws CVE-2022-24805 and CVE-2022-24809. Citrix recommended restricting management interface access and upgrading affected systems.
Related Stories

GitHub `Kernel#send()` Flaw Exposed Secrets and Enabled GHES RCE Path
A vulnerability tracked as **`CVE-2024-0200`** allowed attackers with organization owner privileges to abuse an unsafe Ruby `Kernel#send()` call in GitHub’s organization repository settings flow and invoke unintended zero-argument methods on `Repository` objects. Researchers showed the bug could be used to trigger `Repository::GitDependency#nw_fsck()` and leak roughly **2 MB of environment variables** from a production GitHub.com container, exposing access keys, secrets, and internal configuration because spawned git processes inherited the parent environment. The issue affected **GitHub.com** and **GitHub Enterprise Server (GHES)** instances with GitHub Actions enabled, but the impact was more severe on GHES. STAR Labs reported that leaked variables on GHES could include `ENTERPRISE_SESSION_SECRET` and other Marshal-related secrets, which could be chained with forged Rails session cookies and an unsafe `Marshal.load` path to achieve **remote code execution**. GitHub hotfixed GitHub.com on December 26, 2023, and later released a patch and advisory, while recommended mitigations included allowlisting the `rid_key` parameter, reducing environment variables passed to git processes, rotating exposed secrets, and monitoring `repository_items` requests for abnormal `rid_key` values.
2 weeks ago
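The unsafe-dispatch pattern behind this story in miniature, as an added example that is not GitHub's code: a request parameter selects a method name that is handed to `Kernel#send`, so any zero-argument method on the object, private ones included, becomes reachable; the hardened handler maps the parameter through an explicit allowlist and uses `public_send`. The `Repository` class, its methods, the `rid_key` values and the sample environment are hypothetical stand-ins.

```ruby
# Added example, not GitHub's code: why user-controlled `Kernel#send` is
# dangerous, and the allowlist-plus-public_send fix. Class, methods, rid_key
# values and the environment contents are all hypothetical.

class Repository
  attr_reader :name

  def initialize(name, env)
    @name = name
    @env  = env # stands in for the environment a spawned git process would inherit
  end

  # The two settings the endpoint is meant to expose.
  def default_branch; "main"; end
  def visibility;     "private"; end

  private

  # Stand-in for a maintenance routine that surfaces the child process
  # environment; in the real bug this is where secrets leaked from.
  def nw_fsck
    @env.map { |k, v| "#{k}=#{v}" }.join("\n")
  end
end

# Vulnerable: Kernel#send honours any name the caller supplies and ignores
# method visibility, so "nw_fsck" works as well as "default_branch".
def repository_item_unsafe(repo, rid_key)
  repo.send(rid_key)
end

# Hardened: rid_key is a lookup key into a fixed table, never a method name,
# and public_send guarantees a private method is unreachable even if the
# table were ever mis-edited.
RID_KEYS = {
  "default_branch" => :default_branch,
  "visibility"     => :visibility,
}.freeze

class UnknownRidKey < StandardError; end

def repository_item_safe(repo, rid_key)
  method = RID_KEYS.fetch(rid_key) { raise UnknownRidKey, rid_key.to_s }
  repo.public_send(method)
end

# Constructed sample repository whose environment holds a fake secret.
SAMPLE_REPO = Repository.new("octo/widgets", {
  "HOME" => "/home/git",
  "ENTERPRISE_SESSION_SECRET" => "not-a-real-secret",
})

if $PROGRAM_NAME == __FILE__
  puts repository_item_unsafe(SAMPLE_REPO, "nw_fsck") # dumps the environment
  begin
    repository_item_safe(SAMPLE_REPO, "nw_fsck")
  rescue UnknownRidKey => e
    puts "rejected rid_key #{e.message}"
  end
end
```

The allowlist is the real control; `public_send` alone would still let a caller invoke any public zero-argument method, which on a large object graph is far more surface than an endpoint should expose.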
Misconfigured `pull_request_target` GitHub Actions enabled supply chain compromises
Researchers reported that insecure GitHub Actions workflows using the privileged `pull_request_target` trigger exposed major open source repositories to secret theft and supply chain abuse. Sysdig found workflows in projects including **MITRE** `mitre-attack/car`, **Splunk** `security_content`, and **spotipy** that checked out and executed untrusted forked pull request code in privileged CI contexts, enabling exfiltration of secrets and abuse of high-permission `GITHUB_TOKEN` access. Spotipy assigned **`CVE-2025-47928`** and fixed the issue after disclosure, MITRE remediated its workflow, and Splunk patched its pipeline. Wiz later described a large-scale campaign dubbed **prt-scan** that weaponized the same weakness across GitHub, sending more than 500 malicious pull requests in multiple waves and using increasingly tailored, AI-assisted payloads against Python, Node.js, Go, Rust, and GitHub Actions projects. Most attempts were blocked by contributor approval gates and workflow restrictions, but Wiz confirmed compromise of at least two npm packages—**`@codfish/eslint-config`** and **`@codfish/actions`**—across 106 versions, along with theft of credentials including **AWS keys**, **Cloudflare API tokens**, and **Netlify auth tokens**. The incidents underscored that repositories running untrusted PR code under `pull_request_target` can turn CI/CD pipelines into a direct path for secret exposure and downstream package compromise.
2 weeks ago
GitLab patches CSRF and XSS flaws enabling token theft and browser-side code execution
GitLab disclosed and remediated three high-severity vulnerabilities in GitLab CE/EE that could be exploited by unauthenticated attackers under certain conditions. **CVE-2026-4922** is a cross-site request forgery flaw (`CWE-352`) that could let an attacker trigger GraphQL mutations as an authenticated user, while **CVE-2026-5262** is a cross-site scripting issue (`CWE-79`) that could expose tokens in the Storybook development environment. GitLab also fixed **CVE-2026-5816**, an improper path validation flaw (`CWE-41`) that could allow arbitrary JavaScript execution in a victim’s browser session. The issues affect multiple GitLab CE/EE release lines, with patched versions identified as **18.9.6**, **18.10.4**, and **18.11.1** depending on the flaw. CVE-2026-4922 affects versions from `17.0` before `18.9.6`, `18.10` before `18.10.4`, and `18.11` before `18.11.1`; CVE-2026-5262 affects versions from `16.1.0` before `18.9.6`, `18.10` before `18.10.4`, and `18.11` before `18.11.1`; and CVE-2026-5816 affects `18.10` before `18.10.4` and `18.11` before `18.11.1`. The vulnerabilities carry CVSS v3.1 ratings reflecting high confidentiality and integrity impact, and GitLab linked the disclosures to its patch release notice, internal work items, and HackerOne reports.
1 week ago