Cybersecurity researchers have detailed a critical security vulnerability affecting GitHub.com and GitHub Enterprise Server. This vulnerability could allow an authenticated user to execute remote code with a single “git push” command.
This flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to the repository to execute remote code on an instance.
“During a git push operation, user-specified push option values were not properly sanitized before being included in internal service headers,” according to the GitHub advisory for the vulnerability. “The internal header format used delimiters that could also appear in user input, allowing an attacker to inject additional metadata fields via a crafted push option value.”
Google-owned cloud security company Wiz reportedly discovered and reported the issue on March 4, 2026, and GitHub verified and deployed a fix to GitHub.com within two hours.
This vulnerability is also addressed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0 and later. There is no evidence that this issue has been exploited in malicious situations.
According to GitHub, this issue affects GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server.
The core of the issue stems from the fact that user-specified git push options are not properly sanitized before their values are incorporated into internal X-Stat headers. Because the internal metadata format relies on semicolons as delimiters that can also appear in user input, a malicious attacker could exploit this oversight to inject and cause arbitrary commands to be executed.
“Researchers have demonstrated that by chaining together multiple injected values, they can override the environment in which the push was processed, bypass sandbox protections that would normally restrict hook execution, and ultimately execute arbitrary commands on the server,” said Alexis Wales, GitHub’s chief information security officer.
Wiz noted in a joint announcement that the issue is “very easy” to exploit, adding that it could potentially lead to remote code execution on shared storage nodes. At the time of publication, approximately 88% of instances are vulnerable to this issue. A remote code execution chain connects the three injections.
Injecting non-production rails_env values to bypass the sandbox Injecting custom_hooks_dir to control hook directory redirection Injecting a crafted hook entry into repo_pre_receive_hooks that triggers path traversal and executes arbitrary commands as the git user
“By running unsandboxed code as a git user, we had complete control over the GHES instance, including read/write access to the file system and visibility into internal service configurations,” said Wiz security researcher Sagi Tzadik.
For GitHub.com, the enterprise mode flag (set to ‘true’ in GitHub Enterprise Server) defaults to ‘false’, making custom hook paths inactive. However, this flag is also passed in the X-Stat header, so it can be injected as well using the same mechanism, resulting in code execution on GitHub.com.
To make matters worse, the company noted that given GitHub’s multi-tenant architecture and its shared backend infrastructure, obtaining code execution on GitHub.com allows for cross-tenant exposure, effectively allowing an attacker to read millions of repositories on shared storage nodes, regardless of organization or user.
Given the severity of CVE-2026-3854, we recommend that users apply the update immediately for optimal protection.
“A single git push command was enough to exploit a flaw in GitHub’s internal protocols and execute code on the backend infrastructure,” Wiz said. “When multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a key attack surface.”
“We encourage teams building multi-service architectures to audit how user-controlled inputs flow through internal protocols, especially when security-critical configurations derive from shared data formats.”
Source link
