
GitHub Fixes Critical RCE Bug CVE-2026-3854 Within Hours of Discovery
Cybersecurity researchers have revealed critical details about a newly identified RCE vulnerability, tracked as CVE-2026-3854, affecting both GitHub’s cloud infrastructure and GitHub Enterprise Server deployments. The flaw, which carries a high CVSS score of 8.7, could allow an authenticated user to execute arbitrary code on affected systems with a single crafted git push command.
The vulnerability, discovered by researchers at Wiz, exposes a command injection flaw within GitHub’s internal handling of user-supplied data. Specifically, the issue lies in how push options, key-value strings sent during a git push operation, were processed.
What is CVE-2026-3854 RCE Vulnerability?
Accor...