GitHub RCE Flaw Let Attackers Access Millions of Private Repos
CVE-2026-3854 allowed authenticated attackers to execute code on GitHub servers via a single git push. 88% of Enterprise Server instances remain unpatched.
Security researchers at Wiz disclosed a critical remote code execution vulnerability in GitHub that could have allowed attackers to compromise millions of private repositories with a single malicious git push command. The flaw, tracked as CVE-2026-3854, earned a CVSS score of 8.7 and affected both GitHub.com and GitHub Enterprise Server installations worldwide.
GitHub patched the vulnerability on its cloud platform within six hours of disclosure, but the company's disclosure revealed a troubling statistic: 88% of self-hosted GitHub Enterprise Server instances remained vulnerable as of the April 28 public disclosure. For organizations running GHES, the attack surface is severe—full server compromise including access to all repositories and internal secrets.
How the Attack Works
The vulnerability exploited insufficient sanitization of git push options. When users push code to GitHub, they can pass metadata through push options that get incorporated into internal processing systems. GitHub's internal metadata format used semicolons as delimiters between fields—and the user-supplied values weren't stripped of semicolons before being embedded.
This created a classic injection vulnerability. An attacker with push access to any repository could craft a git push operation with semicolons in the push option values. Those semicolons would be interpreted as field delimiters by downstream services, allowing the attacker to inject arbitrary metadata fields. Due to last-write-wins parsing semantics, these injected fields would override legitimate security configurations.
According to Wiz's technical writeup, the injected data could "override the environment the push was processed in, bypass sandboxing protections that normally constrain hook execution, and ultimately execute arbitrary commands on the server."
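To make the injection mechanics concrete, here is an added toy model (not GitHub's or Wiz's code) of a semicolon-delimited metadata record built from a push option value, with the vulnerable builder and last-write-wins parser beside a hardened builder and a strict parser. The field names, the `TRUSTED` record and the `INJECTED_OPTION` value are constructed for illustration, not GitHub's real format.

```python
import re

# Constructed trusted fields the push-processing service sets before user data is added.
TRUSTED = {"repo": "org/app", "sandbox": "strict", "hook_env": "restricted"}
# Allow-list for one push option value: no ';' or '=' delimiters, no whitespace or control bytes.
SAFE_OPTION = re.compile(r"[A-Za-z0-9._:/-]{1,128}")
# Constructed malicious value: a second 'sandbox' field hidden inside the option.
INJECTED_OPTION = "ci-build;sandbox=none"

class PushOptionError(ValueError):
    """Raised when a push option could be read as record structure."""

def build_record_vulnerable(trusted, push_option):
    """Embed the user value verbatim: this is the flaw, not a safe API."""
    fields = dict(trusted)
    fields["push_opt"] = push_option
    return ";".join(f"{k}={v}" for k, v in fields.items())

def parse_record_lenient(record):
    """Downstream parser: split on ';', last write wins, so a duplicate key overrides."""
    fields = {}
    for part in record.split(";"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields

def build_record_hardened(trusted, push_option):
    """Reject any value that could carry a delimiter before it reaches the record."""
    if not SAFE_OPTION.fullmatch(push_option):
        raise PushOptionError(f"rejected push option: {push_option!r}")
    fields = dict(trusted)
    fields["push_opt"] = push_option
    return ";".join(f"{k}={v}" for k, v in fields.items())

def parse_record_strict(record):
    """Consumer-side defence in depth: a duplicated key is an error, never an override."""
    fields = {}
    for part in record.split(";"):
        key, _, value = part.partition("=")
        if key in fields:
            raise PushOptionError(f"duplicate field {key!r} in record")
        fields[key] = value
    return fields

if __name__ == "__main__":
    print(parse_record_lenient(build_record_vulnerable(TRUSTED, INJECTED_OPTION))["sandbox"])
    try:
        build_record_hardened(TRUSTED, INJECTED_OPTION)
    except PushOptionError as err:
        print("hardened path:", err)
```

The lenient path reports `sandbox` as `none` because the injected field arrives after the trusted one; the hardened builder refuses the value, and the strict parser would reject the duplicate key even if a bad value slipped past the builder.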
The attack chain shares conceptual similarities with the ASP.NET Core cookie forgery vulnerability we covered last week—both exploited trust boundaries in serialized data formats.
Impact Varies by Deployment
On GitHub.com, successful exploitation gave attackers code execution as the git service user on shared storage nodes. Wiz confirmed that millions of public and private repositories belonging to other users and organizations were accessible from these compromised nodes. The cross-tenant exposure represents a nightmare scenario for enterprise customers trusting GitHub with proprietary source code.
For GitHub Enterprise Server, the impact was even worse. An attacker could fully compromise the server and gain access to every repository stored on the instance, plus any internal secrets like CI/CD tokens, deployment keys, and integration credentials.
"This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols," the Wiz team noted in their disclosure.
Timeline and Response
The discovery-to-patch timeline was remarkably compressed:
- March 4, 2026, 5:45 PM UTC: Wiz reported the vulnerability
- March 4, 2026, 7:00 PM UTC: GitHub deployed fixes to github.com
- March 10, 2026: GHES patches released across all supported versions
- April 28, 2026: Public disclosure
GitHub's forensic investigation found no evidence of real-world exploitation. The vulnerable code path was "never used during normal operations," which allowed GitHub to definitively confirm through telemetry that no attacker had discovered and exploited it before the researchers.
This stands in contrast to other recent vulnerability disclosures where exploitation was confirmed in the wild, like the Windows Shell flaw being actively exploited by APT28 or the cPanel authentication bypass that attackers weaponized before patches shipped.
Patch Your Enterprise Servers
The following GHES versions contain the fix:
- 3.14.24 and later
- 3.15.19 and later
- 3.16.15 and later
- 3.17.12 and later
- 3.18.6 and later
- 3.19.3 and later
Organizations running GHES should upgrade immediately. The 88% unpatched rate nearly two months after patches became available represents a significant attack surface. Any developer with push access to a repository could exploit this—meaning insider threats, compromised credentials, or supply chain attacks through malicious contributors all become viable vectors.
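For teams with several GHES instances, here is an added helper (not GitHub's tooling) that classifies a version string against the fixed releases listed above and returns the hosts still needing action. It assumes you already have each instance's version string, for example from its management console; the inventory in the block is constructed.

```python
# Fixed releases listed in the article, keyed by (major, minor) branch.
FIXED_IN = {
    (3, 14): 24, (3, 15): 19, (3, 16): 15,
    (3, 17): 12, (3, 18): 6, (3, 19): 3,
}

def parse_version(text):
    """Turn '3.16.14' into (3, 16, 14); anything else is rejected rather than guessed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch

def ghes_status(text):
    """'patched', 'vulnerable', or 'not-in-fix-list' for branches the article does not list."""
    major, minor, patch = parse_version(text)
    first_fixed = FIXED_IN.get((major, minor))
    if first_fixed is None:
        return "not-in-fix-list"
    return "patched" if patch >= first_fixed else "vulnerable"

def triage(inventory):
    """Return (host, version, status) for every instance that needs action, sorted by host."""
    findings = []
    for host, version in sorted(inventory.items()):
        status = ghes_status(version)
        if status != "patched":
            findings.append((host, version, status))
    return findings

if __name__ == "__main__":
    # Constructed inventory, e.g. versions read from each instance's management console.
    sample = {"ghes-eu": "3.17.12", "ghes-us": "3.15.18", "ghes-lab": "3.12.1"}
    for finding in triage(sample):
        print(*finding)
```

A branch reported as `not-in-fix-list` is outside the releases the fix was published for, so treat it as needing an upgrade to a listed branch rather than as safe.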
Why This Matters
GitHub hosts over 100 million repositories and serves as the backbone of modern software development. A vulnerability that allows cross-tenant access on shared infrastructure undermines the fundamental trust model of cloud-hosted version control.
Because the attack requires only push access, not admin privileges, the potential attacker pool expands dramatically. Every developer with commit rights to a repository could theoretically exploit this, making credential hygiene and access reviews more important than ever.
For security teams evaluating their exposure, the key questions are straightforward: Are you running GitHub Enterprise Server? If yes, what version? If vulnerable, patch now. The fix is available and exploitation requires only basic authenticated access.
Organizations relying on github.com don't need to take action—GitHub already remediated the cloud platform. But the incident highlights the risks of self-hosted deployments where patch adoption lags behind vendor releases. For deeper reading on software supply chain security risks like this, check our cybersecurity books resource page which covers several titles on modern development security challenges.