“On GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible on the affected nodes,” Wiz said.While the authentication requirement may appear to mitigate the risk, GitHub explained that any user with push access to a repository, including one they created, could exploit the vulnerability to execute arbitrary commands on the server.GitHub quickly addressed the vulnerability. The company has conducted a forensic investigation and determined that it has not been exploited in the wild.In addition to GitHub.com and GitHub Enterprise Server, the security hole affected GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise Managed Users.The vulnerability was reported to GitHub on March 4, and a fix was deployed to GitHub.com on the same day.A patch for Enterprise Server was made available on March 10. However, Wiz reported on Tuesday that 88% of Enterprise Server instances had not yet been updated to a patched version.Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
While the authentication requirement may appear to mitigate the risk, GitHub explained that any user with push access to a repository, including one they created, could exploit the vulnerability to execute arbitrary commands on the server.GitHub quickly addressed the vulnerability. The company has conducted a forensic investigation and determined that it has not been exploited in the wild.In addition to GitHub.com and GitHub Enterprise Server, the security hole affected GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise Managed Users.The vulnerability was reported to GitHub on March 4, and a fix was deployed to GitHub.com on the same day.A patch for Enterprise Server was made available on March 10. However, Wiz reported on Tuesday that 88% of Enterprise Server instances had not yet been updated to a patched version.Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
GitHub quickly addressed the vulnerability. The company has conducted a forensic investigation and determined that it has not been exploited in the wild.In addition to GitHub.com and GitHub Enterprise Server, the security hole affected GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise Managed Users.The vulnerability was reported to GitHub on March 4, and a fix was deployed to GitHub.com on the same day.A patch for Enterprise Server was made available on March 10. However, Wiz reported on Tuesday that 88% of Enterprise Server instances had not yet been updated to a patched version.Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
In addition to GitHub.com and GitHub Enterprise Server, the security hole affected GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise Managed Users.The vulnerability was reported to GitHub on March 4, and a fix was deployed to GitHub.com on the same day.A patch for Enterprise Server was made available on March 10. However, Wiz reported on Tuesday that 88% of Enterprise Server instances had not yet been updated to a patched version.Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
The vulnerability was reported to GitHub on March 4, and a fix was deployed to GitHub.com on the same day.A patch for Enterprise Server was made available on March 10. However, Wiz reported on Tuesday that 88% of Enterprise Server instances had not yet been updated to a patched version.Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
A patch for Enterprise Server was made available on March 10. However, Wiz reported on Tuesday that 88% of Enterprise Server instances had not yet been updated to a patched version.Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Thetechnical details of CVE-2026-3854have been disclosed by Wiz, and GitHub hasdescribedthe actions it has taken and its process for handling such vulnerabilities.Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Related:Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsRelated:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Related:Critical Vulnerability in OpenAI Codex Allowed GitHub Token CompromiseRelated:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Related:GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Source: SecurityWeek
