CVE-2026-3854: Critical RCE Vulnerability on GitHub Discovered by AI

CVE-2026-3854 puts GitHub Enterprise Server at risk. Discovered via AI, it allowed RCE. Technical details and patch discrepancies inside.

Wiz Research recently disclosed details of CVE-2026-3854, a critical vulnerability that affected GitHub's internal infrastructure. The flaw, reported on March 4, 2026, would have allowed remote code execution (RCE) on backend servers via a single git push command. Although GitHub.com was patched promptly, the discovery marks a notable shift in vulnerability research: it is one of the first cases where artificial intelligence was successfully used to identify a critical vulnerability in closed-source binaries, a task long considered prohibitively expensive.

The use of AI in reverse engineering: a historical first

The most significant technical novelty in Wiz's report is the discovery methodology. Researchers used AI tooling, including IDA MCP (a Model Context Protocol bridge that lets a language model drive the IDA disassembler), to reverse-engineer GitHub's proprietary (closed-source) binaries. As Wiz Research highlighted, "Notably, this is one of the first critical vulnerabilities discovered in closed-source binaries using AI, highlighting a shift in how these flaws are identified." This lowers a barrier that has traditionally made offensive research against proprietary code slow and expensive: the absence of source has never made a binary immune to analysis, but it has limited how much of it a human team can cover.

Technical mechanism: injection in the X-Stat header

CVE-2026-3854 stems from missing sanitization of git push option values when they are forwarded to backend services in the internal X-Stat header. Because the backend trusted what it found in that header, an attacker could inject values that should only ever have been set server-side. The researchers described the exploit as "remarkably easy" to leverage; it chained three injected values:

  • rails_env: injected to bypass the sandbox protections that normally constrain hook execution.
  • custom_hooks_dir: injected to redirect where the server looks for hooks.
  • repo_pre_receive_hooks: injected to obtain arbitrary code execution.

According to Alexis Wales, CISO of GitHub, "By chaining several injected values, researchers demonstrated that an attacker could overwrite the environment in which the push was processed, bypass the sandboxing protections that normally limit hook execution, and ultimately execute arbitrary commands on the server."
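The following Python is an added illustration of the bug class, not GitHub's code and not the real X-Stat wire format (which the sources do not publish). It models a front end that serializes client push options into one header and a backend that trusts that header: with verbatim concatenation, a single option value carrying the delimiter smuggles extra key=value pairs, which is how the three names above can be set by a client. The hardened path rejects reserved keys and percent-encodes values. The delimiter, the helper names and the placeholder values A, B and C are assumptions made for this example; only the three option names come from the public write-ups.

```python
"""Model of the injection class behind CVE-2026-3854: push options forwarded
to a backend inside a single header without sanitizing the values.

Constructed illustration, not GitHub's code or its real X-Stat format."""
from typing import Dict, List
from urllib.parse import quote, unquote

# Keys the backend treats as trusted configuration (assumed for the example;
# the names themselves are the ones named in the Wiz write-up).
RESERVED_KEYS = {"rails_env", "custom_hooks_dir", "repo_pre_receive_hooks"}
DELIM = ";"  # assumed serialization delimiter, not GitHub's actual one


def serialize_unsafe(push_options: Dict[str, str]) -> str:
    """Vulnerable pattern: values are concatenated verbatim, so a value that
    contains the delimiter smuggles extra key=value pairs into the header."""
    return DELIM.join(f"{k}={v}" for k, v in push_options.items())


def parse_backend(header: str) -> Dict[str, str]:
    """Backend side: naive split on the delimiter, last occurrence of a key wins."""
    out: Dict[str, str] = {}
    for pair in header.split(DELIM):
        if "=" in pair:
            k, v = pair.split("=", 1)
            out[k] = v
    return out


def serialize_safe(push_options: Dict[str, str]) -> str:
    """Hardened pattern: refuse reserved keys outright and percent-encode
    every value so neither the delimiter nor '=' survives into the header."""
    for k in push_options:
        if k in RESERVED_KEYS:
            raise ValueError(f"push option {k!r} is reserved")
        if not k.isidentifier():
            raise ValueError(f"bad push option name {k!r}")
    return DELIM.join(f"{k}={quote(v, safe='')}" for k, v in push_options.items())


def parse_backend_safe(header: str) -> Dict[str, str]:
    """Backend counterpart of serialize_safe: decode values after splitting."""
    out: Dict[str, str] = {}
    for pair in header.split(DELIM):
        if "=" in pair:
            k, v = pair.split("=", 1)
            out[k] = unquote(v)
    return out


def injected_keys(user_options: Dict[str, str]) -> List[str]:
    """Reserved keys that a client-controlled option set would end up setting
    on the backend through the unsafe path."""
    parsed = parse_backend(serialize_unsafe(user_options))
    return sorted(k for k in parsed if k in RESERVED_KEYS)


def rejects_reserved(options: Dict[str, str]) -> bool:
    """True if the hardened serializer refuses this option set."""
    try:
        serialize_safe(options)
    except ValueError:
        return True
    return False


# Constructed attacker input: one innocuous-looking push option whose value
# carries three smuggled pairs (placeholder values A, B, C), mirroring the
# chain of three injected values described in the write-up.
ATTACKER_OPTIONS = {
    "note": "x;rails_env=A;custom_hooks_dir=B;repo_pre_receive_hooks=C",
}

if __name__ == "__main__":
    print(serialize_unsafe(ATTACKER_OPTIONS))
    print(injected_keys(ATTACKER_OPTIONS))   # all three reserved keys land
    hardened = serialize_safe(ATTACKER_OPTIONS)
    print(hardened)
    print(parse_backend_safe(hardened))      # only 'note' survives, value intact
```

The fix that matters is on the trust boundary, not the parser: any key a client can name must be treated as client data, and keys that select an environment, a hook directory or a hook to run should never be accepted from the serialized form at all.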

Impact and repository access

Successful exploitation ran code as the git user on the backend, which is a powerful position. Sagi Tzadik, a security researcher at Wiz, explained that "With unconfined code execution as the git user, we had full control over the GHES instance, including read/write access to the filesystem and visibility into the configuration of internal services." The same user can read any repository stored on the compromised node, regardless of owner, so on GitHub.com's shared storage nodes a single compromised node would have exposed the millions of public and private repositories it hosts.

At the time of disclosure, roughly 88% of observed GitHub Enterprise Server instances were reportedly still running vulnerable versions. The vulnerability carries a CVSS score of 8.7, which falls in the High band of the CVSS scale even though Wiz describes the flaw as critical given its impact. No in-the-wild exploitation has been reported.

Resolution timelines and information discrepancies

Sources give partially conflicting figures for the fix. According to The Hacker News, GitHub patched GitHub.com within two hours of validating the report, while Wiz reports mitigation within 6 hours of the report itself; the two are not necessarily contradictory, since validation happens some time after submission. The listed fixed versions also differ: The Hacker News lists 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, and 3.20.0+, while Wiz cites 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3+. Administrators should confirm the correct version for their release line against the official GitHub advisory and GHES release notes; until then, the safe assumption is the higher of the two numbers, because whichever patch release actually carries the fix, every later release on the same line carries it too.
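As an added example (not tooling from GitHub or Wiz), the following Python applies that conservative rule: it takes both published lists, keeps the higher patch level per release line, and reports whether an installed GHES version meets that floor. The version lists are copied from the article; the floor rule, the function names and the treatment of unlisted release lines are this example's own assumptions.

```python
"""Check a GHES version against both published fixed-version lists for
CVE-2026-3854, using the higher patch level per release line as the floor.

Added example; version lists copied from the article, the rest is assumed."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
Line = Tuple[int, int]

# The two lists as reported in the article.
LIST_HACKER_NEWS = ["3.14.25", "3.15.20", "3.16.16", "3.17.13", "3.18.8", "3.19.4", "3.20.0"]
LIST_WIZ = ["3.14.24", "3.15.19", "3.16.15", "3.17.12", "3.18.6", "3.19.3"]


def parse_version(s: str) -> Version:
    """Parse 'major.minor.patch' (an optional leading 'v' is tolerated)."""
    parts = s.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version {s!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def conservative_floors(*lists: List[str]) -> Dict[Line, Version]:
    """Per release line (major.minor), keep the highest patch level any source
    names as fixed. If the fix really shipped in the lower one, the higher one
    contains it too, so this floor is safe under either report."""
    floors: Dict[Line, Version] = {}
    for lst in lists:
        for s in lst:
            v = parse_version(s)
            line = (v[0], v[1])
            if line not in floors or v > floors[line]:
                floors[line] = v
    return floors


FLOORS = conservative_floors(LIST_HACKER_NEWS, LIST_WIZ)
NEWEST_LINE = max(FLOORS)  # the '3.20.0+' entry: later lines are treated as fixed


def required_version(installed: str) -> Optional[str]:
    """Lowest version on the installed release line that both lists agree is
    fixed, or None when no fix is listed for that line at all."""
    v = parse_version(installed)
    floor = FLOORS.get((v[0], v[1]))
    return ".".join(map(str, floor)) if floor else None


def is_patched(installed: str) -> bool:
    """True if the installed version meets the conservative floor for its line.
    Lines older than anything listed get no fix here and are reported as
    unpatched, which is the only safe answer for an unsupported release."""
    v = parse_version(installed)
    line = (v[0], v[1])
    if line in FLOORS:
        return v >= FLOORS[line]
    return line > NEWEST_LINE


if __name__ == "__main__":
    for sample in ["3.14.24", "3.14.25", "3.18.7", "3.20.1", "3.13.9"]:
        print(sample, "patched" if is_patched(sample) else "UPGRADE", "->", required_version(sample))
```

Feed it the string from ghe-version on the appliance or the installed_version field of the GHES REST API /meta endpoint; once the official advisory confirms which list is right, replace the two lists with the single authoritative one and the floor logic stays valid.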

Frequently Asked Questions

What is vulnerability CVE-2026-3854?
It is a critical vulnerability (CVSS 8.7) in GitHub's internal infrastructure that allowed remote code execution (RCE) on backend servers through command injection during a git push operation.
How was CVE-2026-3854 discovered?
It was discovered by Wiz researchers using Artificial Intelligence to reverse-engineer closed-source binaries, marking one of the first times AI has been successfully used to find critical bugs in proprietary software.
What is the risk for companies?
An attacker could gain read access to all repositories on a compromised node and full control over the GitHub Enterprise Server instance, including filesystem read/write and viewing internal configurations.

This article is a summary based exclusively on the sources listed.

Sources

  • https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
  • https://borecraft.com/2026/04/28/github-push-pipeline-rce-cve-2026-3854-patched-on-github-com-ghes-admins-must-upgrade/
  • https://news.ycombinator.com/item?id=47936479
  • https://nvd.nist.gov/vuln/detail/CVE-2026-3854