Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
source https://thehackernews.com/2026/04/researchers-discover-critical-github.html
source https://thehackernews.com/2026/04/researchers-discover-critical-github.html
