Nearly 5 Million Web Servers Expose Git Metadata Revealing Widespread Security Risk

A study conducted in 2026 by the Mysterium VPN research team reveals that nearly 5 million public web servers expose Git repository metadata. Among these servers, more than 250,000 expose .git/config files containing deployment credentials. These configuration errors allow unauthorized access to source code and sensitive authentication information. The study highlights a widespread risk of code and credential leaks affecting a significant number of servers worldwide.