#github

2 posts

Dark cover with violet purple glow and white title text

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github

Dark cover with a glowing red accent and the post title

May 2, 20268 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security #vulnerability #github #essay