Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)
Roi Nisimi
·
2026-05-01
·
via Orca Security
A critical vulnerability (CVE-2026-3854, CVSS 8.7) was disclosed affecting GitHub Enterprise Server and GitHub.com, allowing attackers to execute arbitrary commands on backend servers via a single git push command. Due to the potential for full server compromise, including access to all hosted repositories and internal secrets, immediate patching is required. The following components are affected: […] The post Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) appeared first on Orca Security .
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。