Critical RCE Vulnerability in GitHub Affects Millions of Repositories
ID: 3062a89d-605d-5403-bb28-b7e49552c1d5
STIX ID: report--3062a89d-605d-5403-bb28-b7e49552c1d5
Feed Name: ThreatCluster
A critical RCE vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure can be exploited via a single git push by any authenticated user, potentially allowing full server compromise and exposure of private repositories and secrets. GitHub mitigated github.com within six hours and released patches for GitHub Enterprise Server, but the report states 88% of Enterprise instances remain vulnerable; administrators are urged to upgrade to version 3.19.3 or later.
