A GitHub RCE flaw affecting private repos (CVE-2026-3854) let attackers with push access compromise millions of repositories with a single malicious git push. Wiz researchers gained full backend access; GitHub patched production within two hours, but 88% of Enterprise Server instances remain vulnerable.
A GitHub RCE flaw affecting private repos nearly handed attackers the keys to millions of codebases with one devastating git push. CVE-2026-3854 (CVSS 8.7), discovered on March 4, 2026 by Wiz Research, abused GitHub's internal babeld proxy: an attacker with push access to a repository could execute arbitrary code on the shared backend storage nodes, exposing every repository stored on the compromised node.
The “One Push” Apocalypse
Wiz researchers smuggled extra fields into a standard git push option, abusing the semicolon that GitHub's internal header format uses as its field delimiter; because the parser applied last-write-wins semantics, the injected fields overrode the server's own values. Three chained steps achieved RCE:
- Sandbox Bypass: Disabled execution isolation via environment manipulation
- Path Redirection: Overrode script directories to attacker-controlled locations
- Code Execution: Triggered binaries from injected paths
On GitHub.com the bug hit shared storage, so millions of public and private repos across organizations were exposed. On GitHub Enterprise Server it meant full server compromise: every repo, config and secret. Wiz called the exploit "remarkably easy" despite the complex internals, and said it was the first critical flaw in a closed-source binary found with AI.
GitHub’s Lightning Response vs Reality Check
The Good: 40-minute reproduction, production fix in under two hours. CISO Alexis Wales confirmed no evidence of exploitation. A bug bounty was paid.
The Bad: 88% of GitHub Enterprise Server instances were still unpatched as of April 28 data. Self-hosted orgs remain at risk.
Technical Deep Dive: Semicolon Injection
git push origin main -o "hook-attr=disable;sandbox=off;script-dir=/tmp/evil;exec-path=/tmp/pwned"
(-o is git's --push-option flag; the whole quoted string travels to the server as a single push option.) Babeld embedded that user input into its internal headers without sanitizing semicolons, so each ";" started a new field, and last-write-wins parsing let the attacker override:
- sandbox=off → Escape isolation
- script-dir=/tmp/evil → Control execution paths
- exec-path=/tmp/pwned → Arbitrary binary execution
GitHub.com disables enterprise hooks by default, but the injected options toggled that setting too. The multi-tenant design amplified the blast radius: compromising one storage node exposes every customer's repositories stored on it.
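The injection pattern described in the sections above, as an added toy model (this is not babeld code; babeld is closed-source and its real header field names are not public). It assumes a proxy that forwards the client's push option inside a semicolon-delimited internal header and parses that header last-write-wins; the server-side key names (hook-attr, sandbox, script-dir, exec-path) are taken from the article's payload and are assumptions. The vulnerable path is shown beside a hardened one.

```python
"""Toy model of semicolon injection into a last-write-wins internal header.

Added illustration, not babeld code. Key names mirror the article's payload
and are assumptions; the server defaults below are constructed.
"""
from urllib.parse import quote, unquote

# Constructed server defaults; the proxy is supposed to own these values.
SERVER_DEFAULTS = {
    "hook-attr": "enable",
    "sandbox": "on",
    "script-dir": "/usr/lib/hooks",
    "exec-path": "/usr/bin",
}

# The push option quoted in the article: four smuggled key=value fields in one value.
MALICIOUS_PUSH_OPTION = "hook-attr=disable;sandbox=off;script-dir=/tmp/evil;exec-path=/tmp/pwned"


def parse_header(header: str) -> dict:
    """Split a ';'-delimited key=value header; a later duplicate key wins."""
    fields = {}
    for field in header.split(";"):
        if "=" in field:
            key, value = field.split("=", 1)
            fields[key] = value  # last write wins
    return fields


def vulnerable_config(push_option: str) -> dict:
    """Appends the client's push option verbatim after the server's own fields,
    so any ';' inside it starts a new field the parser treats as server-owned."""
    header = ";".join(f"{k}={v}" for k, v in SERVER_DEFAULTS.items())
    header += f";push-option={push_option}"
    return parse_header(header)


def hardened_config(push_option: str) -> dict:
    """Two independent fixes: (1) percent-encode the client value so it can
    never contain the delimiter, and (2) treat server-owned keys as
    authoritative so nothing parsed from the wire can replace them."""
    header = ";".join(f"{k}={v}" for k, v in SERVER_DEFAULTS.items())
    header += f";push-option={quote(push_option, safe='')}"
    parsed = parse_header(header)
    config = {**parsed, **SERVER_DEFAULTS}  # server values win over anything parsed
    config["push-option"] = unquote(parsed.get("push-option", ""))
    return config


if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_config), ("hardened", hardened_config)):
        cfg = fn(MALICIOUS_PUSH_OPTION)
        print(f"{name}: sandbox={cfg['sandbox']} script-dir={cfg['script-dir']} "
              f"exec-path={cfg['exec-path']}")
```

In the vulnerable path the parser ends up with sandbox=off, script-dir=/tmp/evil and exec-path=/tmp/pwned as though the server had set them; note that in this toy the first smuggled field (hook-attr=disable) is absorbed into the push-option value, so the fields that actually take effect are the ones after the first ";", which is worth remembering when writing detection rules. In the hardened path the entire string survives as one opaque push-option value and the server defaults stand.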
India Dev Impact: Mumbai Code at Risk
India hosts more than 15% of GitHub's private repos, spanning fintech, gaming studios and AI/ML projects. The Enterprise Server patch lag leaves NPCI vendors and Zoho and Freshworks deployments vulnerable. Your content repo with SEO scripts? It is one rogue collaborator's push away from total exposure.
Immediate Actions:
# Check the Enterprise Server version (run on the appliance over SSH; the utility is ghe-version)
$ ghe-version
# Apply the patched release immediately if the installed version is older
# Monitor git push logs for anomalous push options, e.g. values containing ";"
# Revoke push access for untrusted collaborators
Wiz AI Discovery Signals Threat Evolution
Wiz used AI to surface this flaw in a closed-source binary that old-school fuzzing had missed. A semicolon injection slipped past years of security reviews. For cybersecurity pros this redefines supply chain risk: a trusted platform becomes an attack vector through a mundane operation.
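Two of the Immediate Actions listed above (the version check and watching push traffic), as an added shell example that is not GitHub's or Wiz's code. It assumes the installed version string is read from ghe-version on the appliance, that the first fixed release number is taken from GitHub's advisory (the article gives no number, so the versions in the usage line are placeholders), and that the push-option check runs inside a server-side pre-receive hook, where git exports GIT_PUSH_OPTION_COUNT and GIT_PUSH_OPTION_0 to GIT_PUSH_OPTION_n-1 to the hook.

```shell
#!/bin/sh
# Added example for the Immediate Actions list (not GitHub's or Wiz's code).
#   is_patched INSTALLED MINIMUM   exit 0 when INSTALLED is at or above MINIMUM,
#       comparing the dotted version component by component. MINIMUM is whatever
#       GitHub's advisory names as the first fixed release (placeholder here).
#   reject_delimited_push_options  for a pre-receive hook: git exports
#       GIT_PUSH_OPTION_COUNT and GIT_PUSH_OPTION_0..n-1 to that hook; any option
#       containing the ";" delimiter is logged to stderr and the push refused.
# Caveat: on an unpatched appliance the vulnerable parsing happens in babeld before
# any hook runs, so the hook is detection and defence in depth, not a patch substitute.

is_patched() {
    installed=$1
    minimum=$2
    i=1
    while [ "$i" -le 4 ]; do
        # Trailing dot guarantees cut sees a delimiter; missing components read as 0.
        a=$(printf '%s.' "$installed" | cut -d. -f"$i")
        b=$(printf '%s.' "$minimum" | cut -d. -f"$i")
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

reject_delimited_push_options() {
    count=${GIT_PUSH_OPTION_COUNT:-0}
    i=0
    while [ "$i" -lt "$count" ]; do
        eval "opt=\$GIT_PUSH_OPTION_$i"
        case $opt in
            *";"*)
                printf 'pre-receive: refusing push option %s containing ";": %s\n' "$i" "$opt" >&2
                return 1
                ;;
        esac
        i=$((i + 1))
    done
    return 0
}

# Stand-alone usage: sh ghes_check.sh 3.16.2 3.16.3
# (placeholder numbers: first argument is the version shown by ghe-version on the
# appliance, second is the first fixed release named in the advisory)
if [ "$#" -eq 2 ]; then
    if is_patched "$1" "$2"; then
        echo "installed $1 is at or above $2: patched"
    else
        echo "installed $1 is below $2: apply the patched release now"
        exit 1
    fi
fi
```

To use the hook check, call reject_delimited_push_options from the repository's pre-receive hook and exit with its status; a refused push is logged with the offending option, which also gives you the "anomalous push" signal the list above asks you to monitor.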
GitHub acted fast; Enterprise admins must follow. A single git push should never be able to burn millions of repos; that is architecture debt exposed. Patch now, audit collaborators, and watch for copycats targeting GitLab and Bitbucket. Mumbai devs, your private AI models need this yesterday.