
Critical GitHub RCE Flaw CVE-2026-3854 Exploitable via Single Git Push

Summary

– A critical command injection vulnerability (CVE-2026-3854, CVSS 8.7) in GitHub.com and GitHub Enterprise Server allows an authenticated user with push access to achieve remote code execution via a single `git push` command.
– The flaw occurs because user-supplied push option values were not sanitized before being placed into internal service headers, allowing attackers to inject additional metadata fields using a delimiter character.
– Cloud security firm Wiz discovered and reported the issue on March 4, 2026; GitHub deployed a fix to GitHub.com within two hours and released patches for GitHub Enterprise Server versions 3.14.25 and later.
– The exploit chains three injections to bypass sandboxing, redirect hook directories, and execute arbitrary commands as the git user, enabling full filesystem access and cross-tenant exposure on shared storage nodes.
– Users are advised to apply the update immediately, as 88% of instances were vulnerable at the time of public disclosure, though no evidence of malicious exploitation exists.

Cybersecurity researchers have publicly disclosed a critical vulnerability in GitHub.com and GitHub Enterprise Server that makes remote code execution possible through a single git push command. The flaw, designated CVE-2026-3854 and carrying a CVSS score of 8.7, is a command injection issue. Any authenticated user with push access to a repository can exploit it to execute arbitrary code on the affected instance.

The root cause lies in insufficient sanitization of user-supplied push option values during a git push operation. According to a GitHub advisory, these values were not properly cleaned before being placed into internal service headers. The internal header format relies on a semicolon as a delimiter, and because that character can also appear in legitimate user input, an attacker could inject extra metadata fields through crafted push option values.

Google-owned cloud security firm Wiz discovered and reported the issue on March 4, 2026. GitHub validated the report and deployed a fix to GitHub.com within two hours. The vulnerability has also been patched in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4 and 3.20.0, and in later releases. There is no evidence that this flaw was ever exploited maliciously.

The problem centers on how user-controlled git push options are processed. Before being inserted into the internal X-Stat header, these values were not sanitized. Since the internal metadata format uses a semicolon as a delimiter, and that character could appear in user input, an attacker could exploit this oversight to inject additional metadata fields and ultimately execute arbitrary commands.

GitHub’s Chief Information Security Officer, Alexis Wales, explained that researchers demonstrated how chaining several injected values together allowed an attacker to override the processing environment. This bypassed sandboxing protections that normally constrain hook execution, ultimately enabling arbitrary command execution on the server.

Wiz described the exploit as “remarkably easy” to execute and noted that it allows remote code execution on shared storage nodes. At the time of public disclosure, approximately 88% of instances were vulnerable. The full remote code execution chain involves three separate injections. First, an attacker injects a non-production `railsenv` value to bypass the sandbox. Second, they inject `customhooksdir` to redirect the hook directory. Third, they inject `repoprereceivehooks` with a crafted hook entry that triggers a path traversal, allowing arbitrary commands to execute as the git user.

Wiz security researcher Sagi Tzadik stated that with unsandboxed code execution as the git user, attackers gain full control over the GHES instance, including filesystem read/write access and visibility into internal service configuration.

On GitHub.com, an enterprise mode flag (which defaults to `true` on GitHub Enterprise Server) is set to `false` by default, which normally renders the custom hooks path inactive. However, because this flag is also carried in the X-Stat header, it is equally injectable using the same mechanism. This means code execution was possible on GitHub.com as well.
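The following Python is an added example, not GitHub's or Wiz's code, and it does not reproduce the real X-Stat layout or field names, which the article does not document. It models the bug class described above with a constructed semicolon-delimited header: a builder that concatenates the push option verbatim (the vulnerable pattern), a builder that percent-encodes it (the hardened pattern), and a last-wins parser on the consuming side, which is the assumed behaviour that lets an injected duplicate field override a security-critical one such as the enterprise-mode flag.

```python
from dataclasses import dataclass
from urllib.parse import quote, unquote

# Assumed toy format: "key=value" pairs separated by ';'. The real header
# layout and field names are not on the page; these are constructed stand-ins.
DELIM = ";"


@dataclass(frozen=True)
class HookConfig:
    enterprise_mode: bool   # stand-in for the enterprise-mode flag in the article
    hooks_dir: str          # stand-in for the custom hooks directory
    push_option: str        # the user-supplied `git push -o` value


def _fixed_fields(enterprise_mode: bool, hooks_dir: str) -> list[str]:
    # Fields the service itself controls; only the push option is untrusted.
    return [
        f"enterprise={'true' if enterprise_mode else 'false'}",
        f"hooksdir={hooks_dir}",
    ]


def build_header_unsafe(push_option: str, enterprise_mode: bool, hooks_dir: str) -> str:
    """Vulnerable pattern: the user-controlled value is concatenated verbatim,
    so a ';' inside it is indistinguishable from a field boundary."""
    return DELIM.join(_fixed_fields(enterprise_mode, hooks_dir) + [f"pushopt={push_option}"])


def build_header_safe(push_option: str, enterprise_mode: bool, hooks_dir: str) -> str:
    """Hardened pattern: percent-encode the untrusted value so that ';', '='
    and '/' can never be read as structure by the consuming service."""
    encoded = quote(push_option, safe="")
    return DELIM.join(_fixed_fields(enterprise_mode, hooks_dir) + [f"pushopt={encoded}"])


def parse_header(header: str) -> dict[str, str]:
    """Consumer side. Assumes last-occurrence-wins for repeated keys, which is
    what lets an injected duplicate field override the legitimate one."""
    fields: dict[str, str] = {}
    for part in header.split(DELIM):
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def resolve_config(header: str) -> HookConfig:
    """Derive security-relevant configuration from the header, as the article
    says the real services did. The consumer decodes the push option, so the
    producer and consumer agree on one encoding for untrusted values."""
    fields = parse_header(header)
    return HookConfig(
        enterprise_mode=fields.get("enterprise") == "true",
        hooks_dir=fields.get("hooksdir", ""),
        push_option=unquote(fields.get("pushopt", "")),
    )


def looks_like_delimiter_injection(push_option: str) -> bool:
    """Defender-side check: a raw delimiter in a push option is worth logging
    even once the builder is fixed, since it indicates someone probing."""
    return DELIM in push_option


if __name__ == "__main__":
    # Constructed sample value: a push option that carries a field boundary.
    crafted = "deploy;enterprise=true;hooksdir=/untrusted/hooks"
    print("unsafe:", resolve_config(build_header_unsafe(crafted, False, "/srv/hooks")))
    print("safe:  ", resolve_config(build_header_safe(crafted, False, "/srv/hooks")))
    print("flagged:", looks_like_delimiter_injection(crafted))
```

With the unsafe builder the parser sees five fields instead of three and the two injected ones win, so the consumer believes enterprise mode is on and the hooks directory has moved; with the safe builder the whole crafted string survives intact as the push option's value and the service-controlled fields are untouched. Encoding at the boundary is preferable to stripping characters, because it preserves legitimate user input while making the delimiter impossible to forge.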

The situation is worsened by GitHub’s multi-tenant architecture and shared backend infrastructure. The company pointed out that achieving code execution on GitHub.com enabled cross-tenant exposure: an attacker could read millions of repositories on the shared storage node, regardless of which organization or user owned them.

Given the severity of CVE-2026-3854, users are strongly advised to apply the update immediately for optimal protection. Wiz emphasized that a single git push command was enough to exploit a flaw in GitHub’s internal protocol and achieve code execution on backend infrastructure. The firm warned that when multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a critical attack surface. Teams building multi-service architectures are encouraged to audit how user-controlled input flows through internal protocols, especially where security-critical configuration is derived from shared data formats.
