
GitHub RCE Flaw Exposed Millions of Repositories Before Patch

Last updated: 2026-05-03 03:12:30 · Cybersecurity

A severe remote code execution (RCE) vulnerability in GitHub could have allowed attackers to run arbitrary code on both GitHub.com and GitHub Enterprise Server (GHES), putting millions of repositories at risk. Discovered by security researchers at Wiz, the now-patched flaw stemmed from how the platform processes server-side git push operations.

The Vulnerability: Command Injection in Git Push Processing

Tracked as CVE-2026-3854, the bug involved an internal component called X-STAT that sits in the path of GitHub’s backend Git infrastructure. According to Wiz, a maliciously crafted git push could pass dangerous input into X-STAT, which wasn’t properly sanitized before being incorporated into backend command execution. Because this processing is part of GitHub’s standard server-side handling of repository events, the input could influence how commands were structured and executed within that pipeline.

Source: www.infoworld.com

How X-STAT Became an Attack Vector

X-STAT is part of GitHub’s server-side handling of Git operations. By injecting special elements into a standard git push, an authenticated user could escape the intended command boundaries and execute arbitrary commands on the server. The vulnerability received a near-critical CVSS score of 8.8 and was classified by GitHub as a command injection issue resulting from “improper neutralization of special elements used in a command.”

Impact: From Code Execution to Full Server Takeover

Wiz researchers demonstrated that the flaw could be escalated from initial command execution to full remote code execution on affected systems. The impact varied depending on the environment.

GitHub.com: Millions of Repositories Exposed

On GitHub.com, the vulnerability allowed remote code execution on shared storage nodes. “We confirmed that millions of public and private repositories belonging to other users and organizations were accessible on the affected nodes,” said Sagi Tzadik, a researcher at Wiz. This meant an attacker could read, modify, or exfiltrate code from any repository hosted on those nodes, including sensitive private data.

GitHub Enterprise Server: Complete Compromise

The situation was even more severe for self-hosted GitHub Enterprise Server instances. On GHES, the vulnerability granted full server compromise across tenants, allowing an attacker to take complete control of the server, including access to all repositories, user accounts, and configuration data. At the time of public disclosure, Wiz reported that 88% of GitHub Enterprise Server instances accessible from the internet remained unpatched.


Discovery and Response

The flaw was uncovered using an AI-augmented reverse engineering tool called IDA MCP. “This is one of the first critical vulnerabilities discovered in closed-source binaries using AI, highlighting a shift in how these flaws are identified,” Tzadik noted in a blog post. “Despite the complexity of the underlying system, the vulnerability is remarkably easy to exploit.”

Patching and Disclosure

GitHub acknowledged the severity immediately. Alexis Wales, GitHub’s Chief Information Security Officer, commented, “A finding of this caliber and severity is rare, earning one of the highest rewards available in our Bug Bounty program.” The platform fixed the issue on GitHub.com within hours of the report and released patches for all supported versions of GitHub Enterprise Server (versions 3.14.25 through 3.20.0). However, the rapid patch pace didn’t eliminate the risk for many self-hosted users, as the majority hadn’t applied the update at the time of disclosure.

Lessons for Developers and Security Teams

This incident underscores the importance of secure handling of user input in backend processing pipelines, especially in shared infrastructure. For GitHub Enterprise Server administrators, the critical patch should be applied immediately to prevent exploitation. Meanwhile, the use of AI in vulnerability discovery points to a future where automated tools can identify subtle flaws in closed-source software that might otherwise go unnoticed.
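To make the bug class concrete, the following is an added example and not GitHub's, Wiz's or X-STAT's code (X-STAT's internals are not public); the ref-name policy, function names and sample inputs are hypothetical. It places a command builder that splices push-derived input into a shell string, the "improper neutralization of special elements" pattern the advisory describes, next to a hardened builder that validates the input against an allowlist and hands it to the process as a discrete argument with no shell in the path. The `command_count` helper shows what a POSIX shell would actually make of each string.

```python
import re
import shlex
import subprocess

# Constructed sample inputs (not from the article): a benign ref name and one
# carrying a shell separator. Used only to contrast the two builders.
BENIGN_REF = "feature/x-1"
HOSTILE_REF = "main; id"

# Allowlist for ref names: a conservative subset of git-check-ref-format rules
# (a hypothetical policy for this example, stricter than git itself).
REF_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")


def is_valid_ref(ref: str) -> bool:
    """Allowlist check: letters, digits, '.', '_', '/', '-' only; must not start
    with '-' (would parse as an option), contain '..' or '@{', or end in '.lock'."""
    return (
        bool(REF_RE.match(ref))
        and ".." not in ref
        and "@{" not in ref
        and not ref.endswith(".lock")
    )


def build_unsafe(ref: str) -> str:
    """Vulnerable pattern (CWE-78): untrusted data spliced into a single shell
    string. Anything the shell treats specially moves the command boundary."""
    return f"git rev-parse --verify {ref}"


def build_safe(ref: str) -> list:
    """Hardened pattern: validate against the allowlist, then pass the value as
    its own argv element after '--' so it is never parsed as shell syntax or
    as an option."""
    if not is_valid_ref(ref):
        raise ValueError(f"rejected ref name: {ref!r}")
    return ["git", "rev-parse", "--verify", "--", ref]


def command_count(shell_string: str) -> int:
    """How many separate commands would a POSIX shell run for this string?
    shlex with punctuation_chars=True returns ';', '|', '&&' etc. as tokens."""
    tokens = list(shlex.shlex(shell_string, posix=True, punctuation_chars=True))
    return 1 + sum(1 for t in tokens if t in (";", "|", "||", "&", "&&"))


def run_safe(ref: str) -> int:
    """Execute the hardened form. shell=False hands argv straight to execve,
    so the ref can never be re-interpreted as shell syntax. Requires git."""
    return subprocess.run(build_safe(ref), capture_output=True, text=True).returncode


if __name__ == "__main__":
    print("unsafe, benign :", command_count(build_unsafe(BENIGN_REF)), "command(s)")
    print("unsafe, hostile:", command_count(build_unsafe(HOSTILE_REF)), "command(s)")
    print("safe, benign   :", build_safe(BENIGN_REF))
    try:
        build_safe(HOSTILE_REF)
    except ValueError as exc:
        print("safe, hostile  :", exc)
```

The point of the allowlist plus argv form is defence in depth: even if a value slips past validation, `shell=False` leaves nothing that could turn one argument into a second command, which is the property a shared multi-tenant pipeline needs.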