GitHub Fixes RCE Flaw that Gave Access to Millions of Private Repos
Wiz Research used AI to find a flaw that could have exposed millions of repositories, and GitHub deployed fixes in under six hours.
- GitHub developers resolved a critical remote code execution vulnerability last month, securing both GitHub and GitHub Enterprise Server within six hours of the initial report.
- Wiz Research discovered the vulnerability "using AI," identifying a rare flaw in internal infrastructure that could have allowed attackers to access millions of public and private code repositories.
- GitHub chief information security officer Alexis Wales confirmed staff reproduced the issue "within 40 minutes," while Wiz warned the vulnerability was "remarkably easy to exploit."
- Security researcher Sagi Tzadik noted this marks a shift as one of the first critical vulnerabilities found in closed-source binaries using AI, earning a top Bug Bounty payout.
- GitHub experienced separate outages last week, including an incident where previously merged commits were reverted, suggesting a growing pattern of technical disruptions for the service.
13 Articles
GitHub rushed to fix a critical vulnerability in less than six hours
GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI models to uncover a vulnerability in GitHub's internal git infrastructure that could have allowed attackers to access millions of public and private code repositories. "Our security team immediately began validating the bug bounty report. Within 40 minutes, we had reproduced the vulnerability internally and confirmed the …
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A vulnerability in GitHub’s infrastructure could have allowed attackers to execute code on backend systems using nothing more than a standard git push command. The flaw affected both GitHub.com and GitHub Enterprise Server (GHES), exposing millions of repositories to potential compromise before it was patched. “By exploiting an injection flaw in GitHub’s internal protocol, any authenticated user could execute arbitrary commands on GitHub’s back…
A critical flaw in the GitHub platform is generating global concern among developers and security experts. The vulnerability, identified as CVE-2026-3854, was discovered by Wiz and allows remote code execution (RCE) from a simple git push command. The severity of the problem lies in the ease of exploitation. A routine, everyday command can be manipulated to compromise servers, opening the way for improper access and execution of malicious commands…
Coverage Details
Bias Distribution
- 50% of the sources lean Left, 50% of the sources are Center