“Researchers discover critical GitHub CVE-2026-3854 RCE flaw exploitable via single git push. Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtai…”
T1195.002 Compromise Software Supply Chain
67%
“…thub validating and deploying a fix to GitHub.com within two hours. The vulnerability has also been addressed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later. There is no evidence that the issue was ever e…”
T1190 Exploit Public-Facing Application
49%
“…ing several injected values together, the researchers demonstrated that an attacker could override the environment the push was processed in, bypass sandboxing protections that normally constrain hook execution, and ultimately execute arbitrary commands on the server," GitHub …”
Summary
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command.
The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve