GitHub CVE-2026-3854 security patch release
Security Patch Release
Summary
GitHub released security fixes for CVE-2026-3854, patching GitHub.com and supported GitHub Enterprise Server builds against a critical remote code execution flaw that could expose private repositories. GitHub said it fixed GitHub.com in less than two hours after the report and prepared GHES updates for supported releases; administrators were told to upgrade immediately.
Related Happenings
GitHub data exposed after GitHub breach
Data Leak
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub internal repositories private-code leak claim
Data Leak
First: 20.05.2026 08:08
Last: 20.05.2026 08:08
Sources 1
About this happening:
GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
Latest development: 21.05.2026 17:45
A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
GitHub hit by network compromise
Incident
First: 20.05.2026 07:01
Last: 20.05.2026 07:01
Sources 1
About this happening:
GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
Latest development: 20.05.2026 13:45
GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.
Rwl.angular-console (Nx Console) hit by network compromise
Incident
First: 19.05.2026 10:49
Last: 19.05.2026 10:49
Sources 1
About this happening:
The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...
Actions-cool/issues-helper hit by network compromise
Incident
First: 19.05.2026 08:28
Last: 19.05.2026 08:28
Sources 1
About this happening:
The **actions-cool/issues-helper** GitHub Actions supply-chain compromise let malicious tags run in **CI/CD pipelines**, causing **credential theft** and downstream account risk....
Timeline
- 29.04.2026 15:41 · 1 article
Wiz reports CVE-2026-3854 to GitHub
Initial Disclosure: Wiz researchers reported CVE-2026-3854 through GitHub's bug bounty program on March 4, 2026, and GitHub's security team reproduced and confirmed the vulnerability within 40 minutes.
Sources:
- GitHub fixes RCE flaw that gave access to millions of private repos — www.bleepingcomputer.com — 29.04.2026 15:41
- 29.04.2026 15:41 · 1 article
GitHub confirms malicious git push RCE path
Technical Analysis Update: CVE-2026-3854 let a single maliciously crafted git push inject user-supplied options into internal server metadata without sufficient sanitization, bypass sandboxing protections, and execute arbitrary code on the server handling the push. On GitHub.com, the flaw exposed shared storage nodes; on GitHub Enterprise Server it granted full server compromise with access to hosted repositories and internal secrets.
Sources:
- GitHub fixes RCE flaw that gave access to millions of private repos — www.bleepingcomputer.com — 29.04.2026 15:41
- 29.04.2026 15:41 · 2 articles
GitHub deploys fixes and GHES patches for CVE-2026-3854
Mitigation Patch Update: GitHub deployed a fix to GitHub.com less than two hours after receiving the report and prepared supported GitHub Enterprise Server patches for versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later. GitHub also stated that no other users or accounts triggered the exploit path and that no customer data was accessed, modified, or exfiltrated before patches were deployed.
Sources:
- GitHub fixes RCE flaw that gave access to millions of private repos — www.bleepingcomputer.com — 29.04.2026 15:41
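As an added example (not from the page, BleepingComputer or GitHub), a small Python check that classifies GHES version strings from a fleet inventory against the patched releases listed in the timeline entry above; the `MAJOR.MINOR.PATCH` version format and the assumption that branches older than 3.14 have no listed patch (and so count as unpatched) are mine.

```python
# Added example (not GitHub's code): decide whether a GitHub Enterprise Server
# version string already carries the CVE-2026-3854 fix, using the patched
# releases named in the advisory timeline above.
import re

# Minimum patched release per supported GHES feature branch (values from the page).
PATCHED_MIN = {
    (3, 14): 25,
    (3, 15): 20,
    (3, 16): 16,
    (3, 17): 13,
    (3, 18): 8,
    (3, 19): 4,
    (3, 20): 0,
}


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (optional leading 'v'); raise ValueError otherwise."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if the version includes the fix: its branch has a listed minimum
    and the patch number meets it, or the branch is newer than the newest listed
    one ('3.20.0, or later'). Branches below 3.14 are assumed unpatched."""
    major, minor, patch = parse_version(version)
    if (major, minor) > max(PATCHED_MIN):
        return True
    minimum = PATCHED_MIN.get((major, minor))
    return minimum is not None and patch >= minimum


def triage(versions):
    """Map each inventory entry to 'patched', 'UPGRADE' or 'invalid'."""
    out = {}
    for v in versions:
        try:
            out[v] = "patched" if is_patched(v) else "UPGRADE"
        except ValueError:
            out[v] = "invalid"
    return out


if __name__ == "__main__":
    # Constructed sample inventory, as it might come from a fleet spreadsheet.
    for v, verdict in triage(["3.14.24", "3.17.13", "3.19.3", "3.20.1", "3.13.9", "3.16"]).items():
        print(f"{v:>10}: {verdict}")
```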