Wiz Research has disclosed a high severity vulnerability in GitHub’s internal git infrastructure that let any authenticated user run arbitrary commands inside GitHub’s backend, using nothing more than a standard git client.
Tracked as CVE-2026-3854 with a CVSS score of 8.7, the flaw hit both GitHub.com and self-hosted GHES (GitHub’s Enterprise Server product) deployments.
The bug came from an injection weakness in GitHub’s internal X-Stat protocol, a semicolon-delimited header passed between services during a git push. Because the proxy component embedded user-supplied push option values into that header without stripping semicolons, an attacker could overwrite trusted security fields and pivot into RCE as the git service user.
On GitHub.com, the blast radius was cross-tenant. Wiz researchers landed on shared storage nodes that held millions of public and private repositories belonging to other organizations, though the team confirmed it never touched any third-party data.
On GHES, the same chain delivered full server compromise, including access to hosted repos and internal secrets.
The discovery is one of the first critical findings in closed-source binaries surfaced through AI-augmented reverse engineering. Wiz credits tooling built on IDA MCP. Lead researcher Sagi Tzadik shared a walkthrough of the exploitation chain on X.
GitHub.com Patched in Six Hours, but 88% of GHES Instances Remain Exposed
GitHub mitigated the issue on GitHub.com within six hours of the March 4, 2026 report and shipped patches for every supported GHES branch on March 10.
Admins need to upgrade to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, or 3.19.3, as there is no workaround other than installing the patch.
When the disclosure went public, Wiz reported that 88% of GHES instances were still running vulnerable versions, leaving thousands of self-hosted environments exposed.
“The presence of a non-production code path in a production binary, missing path-traversal validation on hook scripts, and the use of a delimiter-based protocol without input sanitization — these are patterns we see in many codebases,” the team warned.
“We encourage teams building multi-service architectures to audit how user-controlled input flows through internal protocols, especially where security-critical configuration is built from shared data formats.”
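The delimiter-injection pattern described above (a proxy embedding push option values into a semicolon-delimited header) and the audit the team recommends, as an added illustration that is not Wiz's or GitHub's code. The field names and header layout are assumptions for the sake of the example; the real X-Stat format is not given on this page.

```python
"""Delimiter-injection in a semicolon-delimited service header: the
vulnerable builder next to a hardened one. Field names are hypothetical;
the real X-Stat layout is not described on this page."""
import re

DELIM = ";"
# Constructed sample of fields the proxy itself sets (hypothetical names).
TRUSTED = {"repo": "org/project", "pusher": "alice", "trusted": "0"}
# Allow-list for push option values: no ';' or '=' can ever reach the header.
SAFE_OPTION = re.compile(r"[A-Za-z0-9_.\-/ ]*")


def parse_header(header: str) -> dict:
    """Naive consumer: split on ';', last occurrence of a key wins."""
    fields = {}
    for item in header.split(DELIM):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key] = value
    return fields


def build_header_unsafe(trusted: dict, push_options: list) -> str:
    """Vulnerable pattern: user push options are embedded verbatim, so a
    value containing ';' appends extra key=value pairs to the header."""
    parts = [f"{k}={v}" for k, v in trusted.items()]
    parts += [f"opt={o}" for o in push_options]
    return DELIM.join(parts)


def is_safe_option(option: str) -> bool:
    """True when the value cannot inject a new field into the header."""
    return SAFE_OPTION.fullmatch(option) is not None


def build_header_safe(trusted: dict, push_options: list) -> str:
    """Hardened: fail closed on any option with delimiter characters,
    rather than trying to escape them after the fact."""
    bad = [o for o in push_options if not is_safe_option(o)]
    if bad:
        raise ValueError(f"push option contains delimiter characters: {bad!r}")
    return build_header_unsafe(trusted, push_options)  # safe once validated


def smuggled_fields(trusted: dict, push_options: list) -> dict:
    """Which proxy-set fields the naive parser would see overwritten if these
    options were embedded unsanitized; usable as a check over push logs."""
    parsed = parse_header(build_header_unsafe(trusted, push_options))
    return {k: parsed[k] for k in trusted if parsed[k] != trusted[k]}
```

Running `smuggled_fields` over recorded push options is a cheap way to spot values that would have rewritten a trusted field, independent of whether the upstream builder has been patched.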