ayush
All posts

#security

1 post

Dark cover with a glowing red accent and the post title
8 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security#vulnerability#github#essay