Cybersecurity researchers have disclosed details of a critical security vulnerability affecting GitHub.com and GitHub Enterprise servers that could allow an authenticated user to achieve remote code execution with a single “git push” command.
The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a command injection that could allow an attacker with push access to a repository to achieve remote code execution on the instance.
According to the GitHub advisory for the vulnerability, “During a Git push operation, user-supplied push option values were not properly sanitized before being included in the internal service header. Because the inner header format uses a delimiter character that may also appear in user input, an attacker could inject additional metadata fields via crafted push option values.”
Google-owned cloud security firm Wiz is credited with discovering and reporting the issue on March 4, 2026, with GitHub verifying and deploying a fix on GitHub.com within two hours.
The vulnerability is also addressed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, and later. There is no evidence that this issue was ever exploited in a malicious context.
According to GitHub, this issue affects GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with data residency, GitHub Enterprise Cloud with enterprise managed users, and GitHub Enterprise Server.
At its core, the problem arises from the fact that user-supplied git push options are not adequately sanitized before their values are included in the internal X-State header. Because the internal metadata format relies on the semicolon as a delimiter, and that character may also appear in user input, a bad actor could exploit this oversight to inject additional metadata fields and ultimately execute arbitrary commands.
Alexis Wales, GitHub’s chief information security officer, said, “By combining multiple injected values together, researchers demonstrated that an attacker could override the environment in which the push was processed, bypass the sandboxing protections that normally impede hook execution, and ultimately execute arbitrary commands on the server.”
Wiz said in a coordinated announcement that the issue is “remarkably easy” to exploit, adding that it allows remote code execution on shared storage nodes. About 88% of instances were vulnerable to this issue at the time of public disclosure. The remote code execution chain ties together three injections:
- injecting a non-production rails_env value to bypass the sandbox
- injecting a custom_hook_dir value to redirect the hook directory to an attacker-controlled location
- injecting a repo_pre_receive_hook value with a crafted hook entry that triggers path traversal to execute arbitrary commands as the git user
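The root cause described above (a semicolon-delimited internal header whose values are not escaped, so a user-supplied push option can smuggle in extra fields such as rails_env) and the defensive fix can be shown in a few lines. The following is an added illustration, not GitHub's or Wiz's code: the X-State header name and the rails_env / custom_hook_dir / repo_pre_receive_hook field names come from the article, while the field layout, function names and the sample push option are assumptions constructed for the example. The naive serializer and parser reproduce the bug class; the hardened pair percent-encodes every key and value so delimiters can only come from the serializer, and rejects duplicate fields so an injected reserved key can never override the one the trusted service set.

```python
"""Delimiter injection in an internal key=value header, and the hardened form.

Hypothetical illustration of the bug class in CVE-2026-3854; not GitHub's code.
"""
from urllib.parse import quote, unquote

# Fields that only the trusted service may set (names taken from the article).
RESERVED_FIELDS = {"rails_env", "enterprise", "custom_hook_dir",
                   "repo_pre_receive_hook"}

# Constructed sample: trusted base fields plus one user-controlled push option
# that contains the delimiter characters the header format relies on.
BASE_FIELDS = {"rails_env": "production", "enterprise": "false"}
USER_PUSH_OPTIONS = ["ci.skip;rails_env=development"]


def build_state_header_vulnerable(base_fields, push_options):
    """Naive serializer: joins key=value pairs with ';' and never escapes values."""
    fields = dict(base_fields)
    fields["push_options"] = ",".join(push_options)
    return ";".join(f"{k}={v}" for k, v in fields.items())


def parse_state_header_naive(header):
    """Naive parser: splits on ';' and '='; a later key silently overrides an earlier one."""
    parsed = {}
    for pair in header.split(";"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            parsed[key] = value
    return parsed


def build_state_header_safe(base_fields, push_options):
    """Hardened serializer: percent-encode every key and value (safe='' also
    encodes ';' and '='), so delimiters can only originate from this function."""
    fields = dict(base_fields)
    fields["push_options"] = ",".join(push_options)
    return ";".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                    for k, v in fields.items())


def parse_state_header_safe(header):
    """Hardened parser: decodes each pair after splitting, and refuses headers
    that carry a field twice, so a reserved field can never be overridden."""
    parsed = {}
    for pair in header.split(";"):
        raw_key, _, raw_value = pair.partition("=")
        key, value = unquote(raw_key), unquote(raw_value)
        if key in parsed:
            raise ValueError(f"duplicate field {key!r} in X-State header")
        parsed[key] = value
    return parsed


def demo():
    """Return (env seen by naive pipeline, env seen by hardened pipeline)."""
    naive = parse_state_header_naive(
        build_state_header_vulnerable(BASE_FIELDS, USER_PUSH_OPTIONS))
    safe = parse_state_header_safe(
        build_state_header_safe(BASE_FIELDS, USER_PUSH_OPTIONS))
    return naive["rails_env"], safe["rails_env"]


if __name__ == "__main__":
    naive_env, safe_env = demo()
    print("naive pipeline rails_env:", naive_env)   # the injected value wins
    print("hardened pipeline rails_env:", safe_env)  # trusted value preserved
```

Percent-encoding is one of several acceptable fixes; a length-prefixed or structured encoding (JSON, protobuf) removes the ambiguity just as well. What matters for the review that Wiz recommends is that the consumer of an internal format never lets a user-originated byte be interpreted as a delimiter, and that security-critical fields such as the environment or hook directory are not derivable from the same untrusted stream at all.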
“With unsandboxed code execution as a Git user, we had full control over the GHES instance, including file system read/write access and visibility into internal service configuration,” said Wiz security researcher Sagi Tzadik.
For GitHub.com, an enterprise mode flag, set to “true” for GitHub Enterprise Server, defaults to “false”, which disables custom hook paths. But since this flag is also passed in the X-State header, it can be injected using the same mechanism, resulting in code execution on GitHub.com as well.
To make matters worse, given GitHub’s multi-tenant architecture and its shared backend infrastructure, the company reported that achieving code execution on GitHub.com enabled cross-tenant exposure, allowing an attacker to effectively read millions of repositories on a shared storage node, regardless of organization or user.
Given the severity of CVE-2026-3854, users are advised to apply the update immediately for optimal protection.
“A single git push command was enough to exploit a flaw in GitHub’s internal protocols and gain code execution on the backend infrastructure,” Wiz said. “When multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a significant attack surface.”
“We encourage teams building multi-service architectures to audit how user-controlled input flows through internal protocols – particularly where security-critical configuration is derived from shared data formats.”