Critical GitHub RCE (CVE-2026-3854) via Malicious Git Push Options

A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-3854, has been identified in GitHub.com and GitHub Enterprise Server (GHES), allowing an authenticated user to achieve arbitrary command execution with a single git push command. This flaw, assigned a CVSS score of 8.7 (High), stems from improper neutralization of special elements within user-supplied Git push options, leading to command injection on the backend infrastructure.

Vulnerability Overview and Technical Mechanism

The core of CVE-2026-3854 lies in how GitHub's internal protocol processes git push --push-option=<key>=<value>. During a Git push operation, user-supplied push option values were not adequately sanitized before being incorporated into internal service headers, specifically the X-Stat header. This internal metadata format relies on a semicolon (;) as a delimiter character. Crucially, this delimiter could also appear in user input. An attacker could exploit this by injecting additional metadata fields through crafted push option values.

By leveraging this input validation failure and the "last-write-wins" parsing model of the internal header, an attacker could chain several injected values. This allowed them to override the environment in which the push was processed, bypass existing sandboxing protections, and ultimately execute arbitrary commands on the GitHub server. The exploit chain involved manipulating critical settings like the execution environment and hook configurations. Specifically, researchers demonstrated how to inject a non-production rails_env value to bypass the sandbox, inject custom_hooks_dir to redirect the hook directory, and then inject repo_pre_receive_hooks with a crafted hook entry that triggered path traversal to execute commands as the git user.
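
The following is an added illustration, not GitHub's code: it shows the vulnerable concatenate-then-parse pattern (unescaped values, last-write-wins) beside a hardened builder and parser. The `key=value;key=value` layout of the X-Stat header and the field name `push_options` are assumptions for the example; the real wire format is not published.

```python
from urllib.parse import quote, unquote

DELIM = ";"  # assumed field separator of the internal metadata header


def build_header_unsafe(server_fields, push_options):
    """Vulnerable pattern: raw push-option values are concatenated into the
    delimited header, so a ';' inside a value starts a new metadata field."""
    parts = [f"{k}={v}" for k, v in server_fields.items()]
    parts.append("push_options=" + ",".join(push_options))
    return DELIM.join(parts)


def parse_header_last_wins(header):
    """Last-write-wins parser: a later duplicate key silently replaces the
    value the server set earlier in the same header."""
    fields = {}
    for part in header.split(DELIM):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def build_header_safe(server_fields, push_options):
    """Hardened builder: every user-supplied value is percent-encoded, so the
    delimiter, '=' and ',' can never be read back as field syntax."""
    parts = [f"{k}={v}" for k, v in server_fields.items()]
    parts.append("push_options=" + ",".join(quote(o, safe="") for o in push_options))
    return DELIM.join(parts)


def parse_header_strict(header):
    """Hardened parser: a duplicate key is an error rather than an override,
    and user values are decoded only after the header has been split."""
    fields = {}
    for part in header.split(DELIM):
        key, _, value = part.partition("=")
        if key in fields:
            raise ValueError(f"duplicate metadata field: {key}")
        fields[key] = value
    if "push_options" in fields:
        fields["push_options"] = [unquote(v) for v in fields["push_options"].split(",") if v]
    return fields


if __name__ == "__main__":
    # Constructed sample: trusted server fields plus one push option that
    # carries the delimiter, mirroring the injection the advisory describes.
    server = {"rails_env": "production", "custom_hooks_dir": "/data/hooks"}
    opts = ["ci=true;custom_hooks_dir=/tmp/untrusted"]
    print(parse_header_last_wins(build_header_unsafe(server, opts)))  # hooks dir overridden
    print(parse_header_strict(build_header_safe(server, opts)))       # hooks dir preserved
```

Feeding the unsafe header into the strict parser raises on the duplicated `custom_hooks_dir`, which is the second line of defence when encoding is forgotten somewhere upstream.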

Exploitation Scenario

An attacker requires only authenticated access and push permissions to any repository on the GitHub Enterprise Server instance, including a newly created one. No further user interaction beyond a single malicious git push command is necessary to trigger the vulnerability. The simplicity of the attack vector, requiring only a standard Git client and a crafted push option, makes it particularly dangerous.

Consider a hypothetical malicious push option designed to inject a command that creates a reverse shell:

git push --push-option='env=prod;custom_hooks_dir=/tmp/malicious;repo_pre_receive_hooks=foo/bar:../../../../tmp/malicious/evil.sh' origin main

In this example, the injected semicolons would trick the server's internal parsing logic into interpreting custom_hooks_dir and repo_pre_receive_hooks as legitimate internal metadata fields. The evil.sh script, having been previously committed by the attacker to the repository, would then be executed due to the manipulated hook path and bypassed sandbox. Security teams utilizing tools like GProxy for anonymous testing or reconnaissance may inadvertently observe similar traffic patterns if they are not careful about their push options against vulnerable targets.

Impact

The successful exploitation of CVE-2026-3854 on a GHES instance grants an attacker full control over the server. This includes arbitrary filesystem read/write access and visibility into internal service configurations and sensitive data. On GitHub.com, the same flaw allowed remote code execution on shared storage nodes, providing access to millions of public and private repositories belonging to other users and organizations. This level of compromise poses a severe risk for intellectual property theft, supply chain attacks, and broader organizational compromise. Enterprises should consider performing regular vulnerability scanning using platforms like Secably to identify and prioritize such critical vulnerabilities in their self-hosted applications.

Affected Versions

The vulnerability impacts various versions of GitHub Enterprise Server and GitHub.com. GitHub rapidly mitigated the issue on GitHub.com and GitHub Enterprise Cloud services within hours of the report. However, self-hosted GHES instances require manual patching.

Product: GitHub.com
  • Vulnerable versions: all versions prior to the March 4, 2026 mitigation
  • Patched versions: mitigated on March 4, 2026

Product: GitHub Enterprise Cloud
  • Vulnerable versions: all versions prior to the March 4, 2026 mitigation
  • Patched versions: mitigated on March 4, 2026

Product: GitHub Enterprise Server (GHES), by release line
  • 3.14.x prior to 3.14.25; patched in 3.14.25 and later
  • 3.15.x prior to 3.15.20; patched in 3.15.20 and later
  • 3.16.x prior to 3.16.16; patched in 3.16.16 and later
  • 3.17.x prior to 3.17.13; patched in 3.17.13 and later
  • 3.18.x prior to 3.18.8 (or 3.18.7); patched in 3.18.8 and later (or 3.18.7)
  • 3.19.x prior to 3.19.4 (or 3.19.3); patched in 3.19.4 and later (or 3.19.3)
  • 3.20.0 and later: patched

Detection and Mitigation

Prompt remediation is critical. GitHub Enterprise Server administrators are strongly urged to upgrade their instances to the latest patched versions immediately. As of late April 2026, it is estimated that 88% of GHES instances remained unpatched.

Key mitigation steps include:

  • Upgrade GHES: Apply the relevant security patches for all supported GHES release lines.
  • Audit Push Access: Review user accounts with push access to GHES instances, removing any unused or unnecessary collaborator and contractor accounts.
  • Monitor Activity: Scrutinize recent push activity for any unusual hook behavior or anomalous server-side script executions during the exposure window. The exploit path exercises server code that is not used during normal operation, so its traces stand out.
  • Restrict Network Reachability: Limit network exposure for GHES instances, especially those not requiring public or partner internet access. Reconnaissance tools like Zondex can be used to identify publicly exposed GHES instances and assess external attack surface.
  • Credential Rotation: After patching, rotate any credentials, deploy keys, or tokens that could have been compromised if the instance was accessible to an untrusted user population.
  • Input Validation: Implement robust input validation and sanitization for any user-supplied data processed by server-side Git hooks or related services.
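
A retrospective check for the monitoring and input-validation items above, added here as an example that is not part of the advisory: it scans push audit records for option values that carry the metadata delimiter, assign the internal fields the advisory names, or contain path traversal. The one-line record format and the sample lines are constructed for this illustration; a real GHES audit log needs its own parser.

```python
import re

# Internal metadata fields named in the advisory; a push option must never set them.
SERVER_ONLY_KEYS = {"rails_env", "custom_hooks_dir", "repo_pre_receive_hooks"}
DELIM = ";"  # assumed delimiter of the internal metadata header

# Constructed record format (not the real GHES audit log layout).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) repo=(?P<repo>\S+) push_options=(?P<opts>.*)$"
)


def suspicious_reasons(push_option_value):
    """Return the reasons a single push-option value looks like an injection
    attempt; an empty list means nothing was flagged."""
    reasons = []
    if DELIM in push_option_value:
        reasons.append("contains metadata delimiter ';'")
    for segment in push_option_value.split(DELIM):
        key, _, value = segment.partition("=")
        key = key.strip()
        if key in SERVER_ONLY_KEYS:
            reasons.append(f"assigns server-only field {key}")
        if "../" in value:
            reasons.append(f"path traversal in value of {key or 'option'}")
    return reasons


def scan_push_log(lines):
    """Parse constructed audit lines and return one finding per flagged push."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        reasons = suspicious_reasons(m["opts"])
        if reasons:
            findings.append({"ts": m["ts"], "actor": m["actor"],
                             "repo": m["repo"], "reasons": reasons})
    return findings


# Constructed sample lines: two ordinary pushes and one carrying the kind of
# value the advisory describes.
SAMPLE_LOG = [
    "2026-03-03T09:12:03Z actor=alice repo=acme/app push_options=ci.skip",
    "2026-03-03T09:20:41Z actor=bob repo=acme/app push_options=",
    "2026-03-03T11:02:17Z actor=mallory repo=mallory/scratch push_options="
    "env=prod;custom_hooks_dir=/tmp/x;repo_pre_receive_hooks=foo/bar:../../tmp/x/run.sh",
]
```

Run `scan_push_log(SAMPLE_LOG)` to get the flagged record with its actor, repository and the list of reasons, which is the starting point for the credential-rotation and access-review steps.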

The discovery of CVE-2026-3854 by Wiz researchers on March 4, 2026, highlights the ongoing challenge of securing complex, multi-service architectures where implicit trust between components can introduce critical vulnerabilities if user-controlled input flows through internal protocols without rigorous sanitization.