TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Lobsters — security tag

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

wiz.io via samuelkarp · 2026-04-28

ATT&CK techniques detected

5 predictions

T1190 Exploit Public-Facing Application (76%)
"…o_pre_receive_hooks. To understand why, we need to look at how the pre-receive hook binary handles custom hooks. GHES supports admin-defined custom pre-receive hooks: scripts that run before a push is accepted. By reverse engineering the pre-receive binary, we di…"

T1190 Exploit Public-Facing Application (76%)
"GitHub RCE Vulnerability: CVE-2026-3854 Breakdown. Wiz Research uncovered a critical vulnerability (CVE-2026-3854) in GitHub's internal Git infrastructure that could have affected both github.com and GitHub Enterprise Server. By exploiting an injection flaw in GitHub…"

T1203 Exploitation for Client Execution (73%)
"….git abc1234..def5678 master -> master. With unsandboxed code execution as the git user, we had full control over the GHES instance, including filesystem read/write access and visibility into internal service configuration. From GHES to github.com: we had RCE on GitHub Enterp…"

T1190 Exploit Public-Facing Application (64%)
"…out of its designated field and creates new, attacker-controlled fields. Consider a push option value that contains a semicolon followed by a security field name. babeld embeds it verbatim, producing a header like: the attacker's value wins because it appears later in the he…"

T1190 Exploit Public-Facing Application (34%)
"…ub.com:user/repo.git abc1234..def5678 main -> main. RCE on github.com: confirmed. Cross-tenant impact: RCE on GitHub Enterprise Server is a critical vulnerability. On github.com, the same flaw had broader implications due to the shared infrastructure serving multiple…"

Summary

Comments: https://lobste.rs/s/8fxgx7/github_rce_vulnerability_cve_2026_3854