TL;DR — 15 Second Read
- Security researchers at Wiz found a critical flaw where an attacker can execute arbitrary code on a GitHub server just by running a crafted git push.
- The bug exploits improperly sanitized semicolons in internal headers, allowing attackers to break out of sandboxes and access shared storage nodes.
- GitHub patched their cloud service within two hours, but self-hosted Enterprise Server admins must apply updates immediately to secure their instances.
It sounds like a DevOps nightmare: total server compromise triggered by a routine developer command. But that’s exactly what happened with CVE-2026-3854. Discovered by the cloud security team at Wiz, this critical Remote Code Execution (RCE) vulnerability carries an 8.7 CVSS score and turns a standard git push into a devastating attack vector. While GitHub moved incredibly fast to patch their cloud infrastructure, the clock is ticking for self-hosted Enterprise environments. Here is a breakdown of how the "One-Push" exploit works and how to lock your servers down.
How to Fix
Step-by-step remediation
1. Verify Your Version: Check your current GitHub Enterprise Server (GHES) version. About 88% of instances were vulnerable at the time of disclosure. If you are running anything older than the newly released patches, you are at risk.
2. Apply the Patch Immediately: Upgrade to one of the secured GHES versions provided by GitHub: 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, or 3.20.0.
3. Audit Your Logs: Even though there is no public evidence of active exploitation yet, review your audit logs around early March for any suspicious push activity.
What happened
At the heart of this bug is a classic command injection flaw involving how internal systems talk to each other. When you push code, GitHub passes that data through an internal metadata header called X-Stat.
1. The Semicolon Slip-Up: The X-Stat header uses semicolons to separate its data fields. However, GitHub didn't properly sanitize user-supplied git push options. By sneaking semicolons into a push command, an attacker could force the system to read their malicious input as official internal commands.
2. The Three-Step Chain: Wiz researchers chained three specific injections to execute the attack. First, they injected a fake rails_env value to bypass GitHub's sandbox constraints. Next, they injected custom_hooks_dir to redirect where hooks are executed. Finally, they used repo_pre_receive_hooks to trigger a path traversal, ultimately executing their own arbitrary code.
3. The Cloud Pivot: Even though GitHub.com defaults to turning custom hooks off, that configuration flag is also passed through the vulnerable X-Stat header. Attackers could simply inject a command to flip the flag to "true," effectively enabling the exploit on the cloud environment as well.
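To make the delimiter problem concrete, here is an added illustration (not GitHub's code, and not the real X-Stat layout) of a semicolon-delimited internal header: a naive builder that concatenates a user-supplied push option, the consumer-side parser that reads the result, and a hardened builder that rejects option text containing reserved characters. The field names, the `key=value;key=value` layout and the allow-list are assumptions for illustration.

```python
"""Added example: field injection in a ';'-delimited metadata header, and
the input validation that prevents it. Layout and field names are assumed."""
import re

# Hypothetical internal field names, modelled on the ones the article mentions.
INTERNAL_FIELDS = {"repo", "rails_env", "custom_hooks_dir", "repo_pre_receive_hooks"}
FIELD_SEP = ";"
KV_SEP = "="
# Assumed allow-list for user-supplied push option text: no ';' and no '='.
SAFE_OPTION = re.compile(r"^[A-Za-z0-9_.:/@-]+$")


def parse_metadata(header: str) -> dict:
    """Consumer side: split on ';' then '=' the way a naive receiver would.
    A later duplicate key silently overwrites an earlier one."""
    fields = {}
    for part in header.split(FIELD_SEP):
        if KV_SEP in part:
            key, value = part.split(KV_SEP, 1)
            fields[key] = value
    return fields


def build_metadata_unvalidated(repo: str, push_option: str) -> str:
    """Vulnerable pattern: user text is pasted straight into the delimited header.
    'repo' is assumed to come from a trusted source; 'push_option' is user input."""
    return f"repo={repo}{FIELD_SEP}rails_env=production{FIELD_SEP}push_option={push_option}"


def is_safe_push_option(push_option: str) -> bool:
    """True only if the option cannot contain or split header fields."""
    return SAFE_OPTION.fullmatch(push_option) is not None


def build_metadata_validated(repo: str, push_option: str) -> str:
    """Hardened pattern: refuse option text that carries the format's reserved characters
    before it is ever placed in the header."""
    if not is_safe_push_option(push_option):
        raise ValueError("push option contains characters reserved by the header format")
    return f"repo={repo}{FIELD_SEP}rails_env=production{FIELD_SEP}push_option={push_option}"


def injected_internal_fields(header: str) -> set:
    """Consumer-side sanity check: internal keys that appear more than once
    are a sign that a user-controlled value smuggled in a field."""
    counts = {}
    for part in header.split(FIELD_SEP):
        key = part.split(KV_SEP, 1)[0]
        counts[key] = counts.get(key, 0) + 1
    return {k for k, n in counts.items() if k in INTERNAL_FIELDS and n > 1}
```

Both the producer-side allow-list and the consumer-side duplicate-key check are worth having; the second catches a producer that was missed.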
Signs You Are Being Targeted:
- Highly unusual git push options appearing in your server's access logs, specifically those containing semicolons or referencing internal variables like rails_env.
- Unexpected execution of hooks outside of your organization's standard CI/CD workflow.
- Anomalous server-side behaviour executed under the git user account.
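The first two indicators above can be checked mechanically. The following is an added example (not GitHub's or Wiz's tooling) that scans constructed access-log lines for push options carrying a semicolon or naming one of the internal settings the article lists. The log layout (`ts user=... repo=... action=... push-options="..."`) is an assumption; adapt the regex to your own format.

```python
"""Added example: flag push events whose push options carry a field delimiter
or reference internal settings. Log format and sample lines are constructed."""
import re
from typing import Dict, List

# Internal setting names the article says an attacker would try to inject.
INTERNAL_KEYS = ("rails_env", "custom_hooks_dir", "repo_pre_receive_hooks")

# Assumed log layout: <timestamp> user=<u> repo=<r> action=<a> [push-options="<opts>"]
LOG_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) repo=(?P<repo>\S+) action=(?P<action>\S+)'
    r'(?: push-options="(?P<opts>[^"]*)")?'
)


def classify_line(line: str) -> Dict:
    """Parse one line and attach the reasons (if any) it looks suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return {"raw": line, "parsed": False, "reasons": ["unparseable line"]}
    rec = m.groupdict()
    rec["parsed"] = True
    reasons = []
    opts = rec.get("opts") or ""
    if rec["action"] == "push":
        if ";" in opts:
            reasons.append("semicolon in push option (field delimiter)")
        for key in INTERNAL_KEYS:
            if re.search(rf"\b{key}\b", opts):
                reasons.append(f"internal setting referenced: {key}")
    rec["reasons"] = reasons
    return rec


def suspicious_pushes(lines: List[str]) -> List[Dict]:
    """Keep only the lines that earned at least one reason."""
    return [r for r in map(classify_line, lines) if r["reasons"]]


# Constructed sample log lines (not real GitHub logs).
SAMPLE_LOG = [
    '2026-03-02T10:01:00Z user=alice repo=org/app action=push push-options="ci.skip"',
    '2026-03-02T10:02:00Z user=bob repo=org/app action=fetch',
    '2026-03-02T10:03:00Z user=mallory repo=org/app action=push push-options="ci.skip;rails_env=development"',
    '2026-03-02T10:04:00Z user=carol repo=org/lib action=push push-options="custom_hooks_dir=/tmp/hooks"',
]

if __name__ == "__main__":
    for hit in suspicious_pushes(SAMPLE_LOG):
        print(hit["ts"], hit["user"], hit["repo"], "->", "; ".join(hit["reasons"]))
```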
Real-World Impact
This isn't just about defacing a repository; it’s about total infrastructure compromise. Because GitHub utilizes shared backend storage nodes, getting RCE as the git user effectively grants cross-tenant exposure. On a shared cloud node, an attacker could theoretically read millions of repositories, stealing proprietary source code and hardcoded secrets regardless of which organization actually owned them.
Prevention Tips
- Audit Internal Protocols: If your team builds multi-service architectures, strictly validate how user input flows between services, especially when relying on shared text-based formats for security configurations.
- Keep GHES Updated: Treat your source code management servers like critical perimeter infrastructure. Keep your patch cycles tight.
- Restrict Push Access: Enforce the principle of least privilege. Only grant push access to verified, authenticated developers who strictly need it.
FAQs
Do I need to worry if my company only uses GitHub.com?
No. GitHub deployed a fix to their cloud services (including Enterprise Cloud and Data Residency) within two hours of Wiz reporting the bug. You only need to take action if you manage your own on-premise servers.
How hard is this vulnerability to exploit?
Unfortunately, it is remarkably easy. Wiz noted that any authenticated user with basic push access to a repository could execute the attack chain just by formatting their push options correctly.
Has anyone actually used this in the wild?
As of right now, GitHub states there is no evidence that CVE-2026-3854 was ever exploited maliciously before the patch was rolled out.
Last updated: May 5, 2026