https://hackingpassion.com/tags/cve-2026-3854/Recent content in Cve-2026-3854 on HackingPassion.com : root@HackingPassion.com-[~]HugoenWed, 29 Apr 2026 11:54:47 +0200https://hackingpassion.com/github-rce-cve-2026-3854/Wed, 29 Apr 2026 11:54:47 +0200https://hackingpassion.com/github-rce-cve-2026-3854/<p><strong>GitHub RCE CVE.</strong> A semicolon broke GitHub. One character in a push option field, and a security researcher was running code on the backend servers that store private repositories from millions of users and organizations. The git service user that processes every push on those servers has filesystem access to every repository on the node, and that access does not check who the repository belongs to. Private code from banks, hospitals, governments, and individual developers all sits on the same shared infrastructure. The command that got the researcher there is something every developer already runs every day.</p>