Vulnerability intelligence
CVE-2026-3854
Official description is being retrieved from NVD — refresh shortly.
CVSS Score
8.7
High
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
6 articles across 5 outlets · first covered Apr 28, 2026 · latest May 4, 2026
Associated threat actors
Coverage timeline
-
Hacker News Weekly: Exploits Outpace Patches, Systems at Risk.thehackernews.com · May 4, 2026
-
AI Tools Uncover Critical GitHub RCE Bug CVE-2026-3854www.darkreading.com · Apr 29, 2026
-
CVE-2026-3854: GitHub patches critical RCE bug in push pipelinesocradar.io · Apr 29, 2026
-
Critical GitHub RCE flaw lets attackers run code via simple pushwww.securityweek.com · Apr 29, 2026
-
CVE-2026-3854 flaw lets attackers run code via simple git pushsecurityaffairs.com · Apr 28, 2026
-
GitHub flaw (CVE-2026-3854) lets attackers run code via one pushthehackernews.com · Apr 28, 2026