Critical GitHub RCE Vulnerability CVE-2026-3854 Allows Arbitrary Commands

Executive Summary 

On 20 April 2026 Wiz Research uncovered a critical vulnerability (CVE-2026-3854) in GitHub’s internal git infrastructure affecting both GitHub.com and GitHub Enterprise Server. By exploiting an injection flaw in GitHub’s internal protocol, any authenticated user could execute arbitrary commands on GitHub’s backend servers with a single git push command – using nothing but a standard git client.  

Affected Systems 

GitHub Enterprise Server versions up to and including 3.19.1 are vulnerable. Fixed versions are: 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3. GitHub[.]com has been fully mitigated. 

Technical Details 

Root Cause: X-Stat Header Injection 

The critical link between internal pipeline components is the X-Stat header, which carries security-critical fields as semicolon-delimited key=value pairs. Internal services parse this header by splitting on ; and populating a map using last-write-wins semantics: if a key appears twice, the later value silently overrides the earlier one.  

The flaw: babeld copies git push option values directly into the X-Stat header without sanitizing semicolons. Since ; is the field delimiter, any semicolon in a push option value breaks out of its designated field and creates new, attacker-controlled fields.  
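As an added illustration that is not GitHub's or babeld's code, the following constructed model shows the header handling described above: a builder that copies a push option verbatim and a parser with last-write-wins semantics, beside a builder that percent-encodes values and a parser that treats a repeated key as a protocol error. The field names other than rails_env and custom_hooks_dir, and all values, are constructed.

```python
"""Constructed model of X-Stat style handling (not GitHub's or babeld's code).
Keys other than rails_env / custom_hooks_dir and all values are made up."""
from urllib.parse import quote, unquote

DELIM = ";"

def build_xstat_unsafe(fields: dict, push_option: str) -> str:
    # Models the flaw: the push option is copied into its field verbatim,
    # so a ';' inside it is indistinguishable from a field separator.
    fields = dict(fields, push_option=push_option)
    return DELIM.join(f"{k}={v}" for k, v in fields.items())

def parse_xstat_lastwins(header: str) -> dict:
    # Models the consumer: split on ';', the last occurrence of a key wins.
    out = {}
    for part in header.split(DELIM):
        k, _, v = part.partition("=")
        out[k] = v
    return out

def build_xstat_safe(fields: dict, push_option: str) -> str:
    # Hardening 1: percent-encode every value so '=' and ';' can never
    # appear inside a value; the consumer decodes them after splitting.
    fields = dict(fields, push_option=push_option)
    return DELIM.join(f"{k}={quote(str(v), safe='')}" for k, v in fields.items())

def parse_xstat_strict(header: str) -> dict:
    # Hardening 2: a missing '=' or a repeated key is rejected outright
    # instead of silently overriding an earlier, trusted field.
    out = {}
    for part in header.split(DELIM):
        k, sep, v = part.partition("=")
        if not sep or k in out:
            raise ValueError(f"malformed X-Stat field: {part!r}")
        out[k] = unquote(v)
    return out

def strict_rejects(header: str) -> bool:
    # True when the strict parser refuses the header.
    try:
        parse_xstat_strict(header)
        return False
    except ValueError:
        return True

# Constructed server-side fields and a constructed push option containing
# the delimiter, the shape of input the advisory describes.
SERVER_FIELDS = {"rails_env": "production", "custom_hooks_dir": "/data/hooks"}
HOSTILE_OPTION = "note;rails_env=development"

def demo() -> tuple:
    unsafe = parse_xstat_lastwins(build_xstat_unsafe(SERVER_FIELDS, HOSTILE_OPTION))
    safe = parse_xstat_strict(build_xstat_safe(SERVER_FIELDS, HOSTILE_OPTION))
    return unsafe["rails_env"], safe["rails_env"], safe["push_option"]
```

Run `demo()`: the unsafe path reports rails_env as "development", while the encoded header keeps "production" and preserves the push option text intact, and the strict parser refuses the unsanitized header because rails_env appears twice.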

RCE Exploitation Chain 

The attack chains three injections together:  

  1. Sandbox bypass – Inject a non-production rails_env value to switch from the sandboxed production path to the unsandboxed execution path.
  2. Hook directory redirect – Inject custom_hooks_dir to control the base directory where the binary looks up hook scripts.
  3. Path traversal to arbitrary execution – Inject repo_pre_receive_hooks with a crafted hook entry whose script field contains a path traversal sequence, resolving to an arbitrary binary on the filesystem.

Impact Scope 

  • On GitHub[.]com, this vulnerability allowed remote code execution on shared storage nodes, with millions of public and private repositories belonging to other users and organizations accessible on the affected nodes.  
  • On GitHub Enterprise Server, the same vulnerability grants full server compromise, including access to all hosted repositories and internal secrets.  

Defensive Actions 

For GitHub Enterprise Server administrators: 

  • GitHub released patches for all supported GHES versions. Customers should upgrade immediately; at the time of disclosure, 88% of instances remained vulnerable.

Fixed versions to target: 

  • 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3.  

For GitHub[.]com users: 

  • GitHub has already mitigated this issue. No action is required. 

For security and engineering teams broadly: 

  • The presence of non-production code paths in production binaries, lack of path traversal validation on hook scripts, and the use of delimiter-based protocols without input sanitization are patterns that appear across many codebases. Teams building multi-service architectures should audit how user-controlled input flows through internal protocols, notably where security-critical configuration is derived from shared data formats. 
