#git · Blog · Ayush Sharma

Dark cover with violet purple glow and white title text

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github