SecurityWeek reports that researchers at Wiz uncovered a critical remote code execution flaw, CVE-2026-3854, affecting GitHub[.]com and GitHub Enterprise Server. According to Wiz, exploitation could allow any authenticated user to run arbitrary commands on GitHub’s backend servers with a single git push, using only a standard git client.
The vulnerability impacted GitHub’s internal Git infrastructure across GitHub Enterprise Server and GitHub[.]com. The company noted that on GitHub[.]com it could enable remote code execution on shared storage nodes and expose millions of public and private repositories. GitHub has said that, while authentication may seem to mitigate risk, any user with push access to a repository could exploit the flaw.
The patch was deployed to GitHub[.]com on 4 March, with Enterprise Server updates following on 10 March, though Wiz reported that 88% of Enterprise Server instances had not yet been updated.