Wiz Researchers Discover Critical GitHub RCE Vulnerability: Single git Push Command Compromises Backend Servers
Wiz Research uncovered CVE-2026-3854, a critical remote code execution flaw in GitHub’s internal git infrastructure allowing any authenticated user to execute arbitrary commands on backend servers via a single git push.