CVE-2026-3854 GitHub flaw enables remote code execution

Pierluigi Paganini
April 28, 2026

Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug.

Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server.

The flaw is caused by a command injection issue, meaning an attacker with repository push access can run arbitrary commands on affected systems. With a high severity score, the bug poses serious risks for both GitHub.com and GitHub Enterprise Server users.

“An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance.” reads the advisory. “During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values.”

The flaw was reported through GitHub’s bug bounty program and fixed in Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3.

Wiz researchers reported the vulnerability on March 4, 2026, and GitHub addressed the issue within two hours.

When code is pushed to GitHub, internal services exchange metadata about the operation. The flaw arose because user-supplied git push options were not properly sanitized and were embedded into this metadata. Attackers could exploit delimiter handling to inject extra fields, tricking downstream services into treating malicious input as trusted data. This allowed them to alter execution environments, bypass sandbox protections, and run arbitrary commands on the server.

GitHub quickly fixed the issue by sanitizing inputs and released patches for Enterprise Server versions. The investigation found no real-world exploitation beyond researchers’ tests, and no customer data was compromised.

Wiz researchers pointed out that this flaw was found in closed-source code using AI, showing a shift in vulnerability discovery. Despite its complexity, it’s easy to exploit. On GitHub, it enabled remote code execution on shared storage nodes, potentially exposing millions of repositories. On Enterprise Server, it could lead to full system compromise, including access to all repositories and sensitive internal data.

“GitHub Enterprise Server customers should upgrade immediately – at the time of this writing, our data indicates that 88% of instances are still vulnerable.” reported Wiz.

Attackers could escalate the flaw to full remote code execution by abusing injected fields. By altering the rails_env value, they bypassed sandbox protections and forced hooks to run in an unsafe mode. They then redirected the hook directory and used path traversal to execute arbitrary files. This chain allowed commands to run as the git service user, giving full control over the system, including filesystem access and internal configurations.

On GitHub, the same flaw could be exploited by injecting an enterprise-mode flag through internal metadata, enabling code execution even though custom hooks are normally disabled. Due to GitHub’s multi-tenant architecture, this access could expose data across environments, potentially allowing attackers to read millions of repositories on shared storage nodes.

The issue shows how a single git push could exploit trust between internal services. GitHub urged immediate patching and highlighted the need to secure how user-controlled data flows through internal protocols in complex systems.

“A single git push command was enough to exploit a flaw in GitHub’s internal protocol and achieve code execution on backend infrastructure.” concludes the report. “The vulnerability chain highlights a pattern that extends well beyond GitHub. When multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a critical attack surface. In this case, one service assumed push option values were safe to embed verbatim.”
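The delimiter-handling bug described earlier and the cross-service trust pattern in the closing quote, shown as an added example that is not GitHub's code or Wiz's research: a constructed ';'-separated key=value header, a producer that embeds push option values verbatim beside one that percent-encodes them, and a trusting consumer beside a strict one. The header format, the field names (repo, pusher, push_option, env) and the sample values are assumptions for illustration, not GitHub's actual internal protocol.

```python
# Delimiter injection in an internal metadata header: unsafe vs hardened.
# Constructed example: the ';'-separated key=value format, field names and
# sample values are assumptions for illustration, not GitHub's real protocol.
from urllib.parse import quote, unquote

DELIM, KV = ";", "="
ALLOWED_KEYS = {"repo", "pusher", "push_option"}  # keys the consumer expects

# Constructed sample input: one push option that smuggles a second field.
TRUSTED = {"repo": "org/app", "pusher": "alice"}
CRAFTED_OPTION = "verbose;env=unsafe"


def build_header_unsafe(trusted, push_options):
    """Vulnerable producer: push option values embedded verbatim, so a value
    containing ';' or '=' turns into extra fields on the wire."""
    fields = [f"{k}{KV}{v}" for k, v in trusted.items()]
    fields += [f"push_option{KV}{opt}" for opt in push_options]
    return DELIM.join(fields)


def build_header_safe(trusted, push_options):
    """Hardened producer: percent-encode every value (safe='' also encodes
    '/' and '='), so neither delimiter can appear inside a value."""
    fields = [f"{k}{KV}{quote(v, safe='')}" for k, v in trusted.items()]
    fields += [f"push_option{KV}{quote(opt, safe='')}" for opt in push_options]
    return DELIM.join(fields)


def parse_header(header):
    """Trusting consumer: split on the delimiter, accept every key, later
    keys overwrite earlier ones. This is the side that ends up treating
    injected fields as trusted metadata."""
    parsed = {}
    for field in header.split(DELIM):
        key, _, value = field.partition(KV)
        parsed[key] = unquote(value)
    return parsed


def parse_header_strict(header):
    """Defensive consumer: reject unknown or duplicated keys rather than
    silently trusting them (defense in depth even once the producer is fixed)."""
    parsed = {}
    for field in header.split(DELIM):
        key, _, value = field.partition(KV)
        if key not in ALLOWED_KEYS or key in parsed:
            raise ValueError(f"rejected header field: {key!r}")
        parsed[key] = unquote(value)
    return parsed
```

Run `parse_header(build_header_unsafe(TRUSTED, [CRAFTED_OPTION]))` to see the extra `env` key appear, and the same call with `build_header_safe` to see it stay inside the `push_option` value.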

