Critical GitHub Vulnerability CVE-2026-3854 Enables Remote Code Execution via Git Push

A critical vulnerability in GitHub, tracked as CVE-2026-3854, enables remote code execution via a single git push by exploiting a command injection flaw. The flaw affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise configurations. Attackers can execute arbitrary code without authentication by leveraging the vulnerability during repository interactions. No specific patch release date or affected version ranges were disclosed in the report. The discovery highlights a severe risk to GitHub's enterprise environments, though further technical details remain limited.