TTPwire Vol. 1 · MITRE ATT&CK·Tagged

GitHub Blog

Securing the git push pipeline: Responding to a critical remote code execution vulnerability

Alexis Wales · 2026-04-28

ATT&CK techniques detected

3 predictions
T1190 Exploit Public-Facing Application
58%
“…in hook execution, and ultimately execute arbitrary commands on the server. Responding to the vulnerability With the root cause identified on March 4, 2026, at 5:45 p.m. UTC, our engineering team developed and deployed a fix to github.com at 7:00 p.m. UTC that same day.…”
T1195.002 Compromise Software Supply Chain
52%
“Securing the git push pipeline: Responding to a critical remote code execution vulnerability On March 4, 2026, we received a vulnerability report through our bug bounty program from researchers at Wiz describing a critical remote code execution vulnerability affecting github.co…”
T1190 Exploit Public-Facing Application
45%
“GitHub Enterprise Server 3.14.25 or later, GitHub Enterprise Server 3.15.20 or later, GitHub Enterprise Server 3.16.16 or later, GitHub Enterprise Server 3.17.13 or later, GitHub Enterprise Server 3.18.7 or later, GitHub Enterprise Server 3.19.4 or later, GitHub Enterprise …”

Summary

How we validated, fixed, and investigated a critical vulnerability in under two hours, and confirmed no exploitation.

The post Securing the git push pipeline: Responding to a critical remote code execution vulnerability appeared first on The GitHub Blog.