{"vulnerability": "CVE-2026-3854", "sightings": [{"uuid": "f6a6cd7d-ce60-4339-87a7-09be9c74af1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "published-proof-of-concept", "source": "Telegram/H9FvYxeViFpWPektoiDBRXFcEsuad3hWIM9CFQZdsVu-jA", "content": "", "creation_timestamp": "2026-04-28T20:32:29.000000Z"}, {"uuid": "2850f1e9-8f8d-4e80-b4b9-0c89bf48b61a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/secqube.com/post/3mhicwrgk6i2t", "content": "", "creation_timestamp": "2026-03-20T10:34:07.235934Z"}, {"uuid": "f4968ba9-2759-4e92-8077-77a2a88a1f7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mkn7kk2yzv25", "content": "GitHub\u3001\u767e\u4e07\u4ef6\u4ee5\u4e0a\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ea\u30dd\u30b8\u30c8\u30ea\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u3059RCE\u8106\u5f31\u6027(CVE-2026-3854)\u3092\u4fee\u6b63\u3002", "creation_timestamp": "2026-04-29T13:32:29.324062Z"}, {"uuid": "df773252-c6b9-4e1b-bde3-408d6058b55b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mkn7m6xddk2h", "content": "Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) www.wiz.io/blog/github-...", "creation_timestamp": "2026-04-29T13:33:27.675405Z"}, {"uuid": "c1aa2fc5-0c79-413f-af7b-1e66b196560a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkn5gh2pcz2m", "content": "GitHub\u304c\u6570\u767e\u4e07\u500b\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ea\u30dd\u30b8\u30c8\u30ea\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u305fRCE\u8106\u5f31\u6027\u3092\u4fee\u6b63\n\n3\u6708\u4e0a\u65ec\u3001GitHub\u304c\u3001\u6570\u767e\u4e07\u500b\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ea\u30dd\u30b8\u30c8\u30ea\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u653b\u6483\u8005\u306b\u8a31\u53ef\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u3063\u305f\u91cd\u5927\u306a\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u8106\u5f31\u6027\uff08CVE-2026-3854\uff09\u306b\u30d1\u30c3\u30c1\u3092\u5f53\u3066\u307e\u3057\u305f\u3002 \u3053\u306e\u8106\u5f31\u6027\u306f2026\u5e743\u67084\u65e5\u306b\u3001\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4f01\u696dWiz\u306e\u7814\u7a76\u8005\u306b\u3088\u3063\u3066GitHub\u306e\u30d0\u30b0\u5831\u5968\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u901a\u3058\u3066\u5831\u544a\u3055\u308c\u307e", "creation_timestamp": "2026-04-29T12:54:24.000402Z"}, {"uuid": "c7a2a283-e5ac-44c3-8d23-e3618aa953fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hnbest.bsky.social/post/3mkn2fo7fah2u", "content": "GitHub RCE Vulnerability: CVE-2026-3854 Breakdown https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854\n\n\ncomments #wiz.io", "creation_timestamp": "2026-04-29T12:00:16.593779Z"}, {"uuid": "3fb68672-2316-4aba-b37b-e315d0ee114c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "published-proof-of-concept", "source": "Telegram/laxGlEw36YLaigr69sdSgTO-VqR0i_X9Lyvd9wsYL3HVb1G4", "content": "", "creation_timestamp": "2026-04-28T21:15:05.000000Z"}, {"uuid": "8507945a-c102-47b9-b8b8-d70752e93714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkmageq7nw2t", "content": "", "creation_timestamp": "2026-04-29T04:15:23.576575Z"}, {"uuid": "6a8912b5-d442-45b5-a9b1-c3029740a660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116487650362829887", "content": "En las \u00faltimas 24 horas se detectaron vulnerabilidades cr\u00edticas que permiten ejecuci\u00f3n remota de c\u00f3digo en ProFTPD y GitHub Enterprise Server, y una r\u00e1pida explotaci\u00f3n de SQL Injection en LiteLLM compromete datos en la nube; adem\u00e1s, el ransomware VECT 2.0 destruye archivos irreversiblemente en m\u00faltiples sistemas, aumentando el riesgo. Descubre estos y m\u00e1s detalles en el siguiente listado de noticias sobre seguridad inform\u00e1tica:\n\ud83d\uddde\ufe0f \u00daLTIMAS NOTICIAS EN SEGURIDAD INFORM\u00c1TICA \ud83d\udd12====| \ud83d\udd25 LO QUE DEBES SABER HOY \ufeff\ufeff29/04/26\ufeff\ufeff \ud83d\udcc6 |==== \n\ud83d\udd13 CVE-2026-42167 PERMITE EVITAR AUTENTICACI\u00d3N Y EJECUCI\u00d3N DE C\u00d3DIGO EN PROFTPD\nSe ha identificado una grave vulnerabilidad en ProFTPD, catalogada como CVE-2026-42167, que permite saltarse procesos de autenticaci\u00f3n, elevar privilegios y ejecutar c\u00f3digo arbitrario. Esta falla representa un riesgo significativo para servidores FTP que no est\u00e9n actualizados. Se recomienda aplicar la actualizaci\u00f3n que MITRE y los desarrolladores emitir\u00e1n pr\u00f3ximamente para mitigar posibles ataques. Mantente alerta y protege tus sistemas. Descubre todos los detalles sobre esta vulnerabilidad y c\u00f3mo protegerte aqu\u00ed \ud83d\udc49 https://djar.co/tWdN\n\ud83d\udcbb VULNERABILIDAD CR\u00cdTICA RCE EN GITHUB ENTERPRISE SERVER CVE-2026-3854\nGitHub Enterprise Server enfrenta una vulnerabilidad con un puntaje CVSS de 8.7 que permite la ejecuci\u00f3n remota de c\u00f3digo, poniendo en riesgo repositorios y datos sensibles de las organizaciones. Esta amenaza impacta directamente en la integridad y la seguridad de los entornos corporativos que utilizan esta plataforma. La actualizaci\u00f3n inmediata es vital para evitar compromisos graves. Analiza a fondo la vulnerabilidad y las versiones afectadas para tomar acci\u00f3n r\u00e1pida. M\u00e1s informaci\u00f3n y recomendaciones aqu\u00ed \ud83d\udc49 https://djar.co/lWbCh\n\u26a0\ufe0f EXPLOTACI\u00d3N R\u00c1PIDA DE SQL INJECTION EN LITELLM CVE-2026-42208\nEn un caso alarmante, la vulnerabilidad SQL Injection CVE-2026-42208 en LiteLLM fue aprovechada en menos de 36 horas tras su divulgaci\u00f3n, comprometiendo credenciales y poniendo en riesgo cuentas en la nube. Esto evidencia la necesidad de implementar medidas proactivas y monitorear activamente los sistemas contra ataques tempranos. Revisa c\u00f3mo se desarroll\u00f3 este incidente y las mejores pr\u00e1cticas para proteger tus datos en la nube. Ent\u00e9rate aqu\u00ed \ud83d\udc49 https://djar.co/LQrNO4\n\ud83d\udee1\ufe0f VECT: RANSOMWARE COMO SERVICIO Y SU IMPACTO EN LA CADENA DE SUMINISTRO\nEl ransomware VECT, surgido en diciembre de 2025, se distingue por operar bajo modelo Ransomware-as-a-Service, causando estragos en varias cadenas de suministro. Su capacidad para expandirse y ejecutar ataques destructivos torna esencial entender su funcionamiento para anticipar y mitigar riesgos. La investigaci\u00f3n de Check Point revela sus t\u00e1cticas y evoluci\u00f3n, informaci\u00f3n clave para defensores de la ciberseguridad. Explora el an\u00e1lisis completo sobre VECT y su impacto aqu\u00ed \ud83d\udc49 https://djar.co/O8ko\n\ud83d\udca5 VECT 2.0 DESTRUYE IRREVERSIBLEMENTE ARCHIVOS EN WINDOWS, LINUX Y ESXI\nLa actualizaci\u00f3n 2.0 del ransomware VECT introduce un fallo en la gesti\u00f3n del nonce que provoca la destrucci\u00f3n permanente de archivos mayores a 131KB, haciendo in\u00fatiles los pagos de rescate y complicando las opciones de recuperaci\u00f3n. Afecta m\u00faltiples sistemas operativos, aumentando la gravedad de los ataques. Comprender esta nueva versi\u00f3n es vital para fortalecer las estrategias de defensa y respuesta ante incidentes. Conoce m\u00e1s sobre esta amenaza cr\u00edtica y c\u00f3mo proteger tus datos aqu\u00ed \ud83d\udc49 https://djar.co/pYoGQk\n\ud83c\udfaf CLASE VIRTUAL AVANZADA: DETECCI\u00d3N Y PREVENCI\u00d3N DE MALWARE - CQURE ACADEMY\nEspecialistas en ciberseguridad tienen la oportunidad de profundizar en t\u00e9cnicas avanzadas de b\u00fasqueda y prevenci\u00f3n de malware a trav\u00e9s de esta clase magistral en vivo. La formaci\u00f3n incluye m\u00e9todos pr\u00e1cticos y te\u00f3ricos para identificar amenazas complejas y fortalecer la postura defensiva de las organizaciones frente a ataques sofisticados. No pierdas la oportunidad de actualizar tus habilidades y conocimientos. Inscr\u00edbete y accede al curso aqu\u00ed \ud83d\udc49 https://djar.co/RYH0\n\ud83d\udcda GU\u00cdA PARA AUTORES EN CIBERSEGURIDAD - THE HACKER RECIPES\nEsta gu\u00eda es ideal para profesionales interesados en escribir sobre hacking \u00e9tico, pruebas de penetraci\u00f3n y ciberseguridad. Ofrece estrategias claras para estructurar contenido t\u00e9cnico y did\u00e1ctico, facilitando la comunicaci\u00f3n efectiva de conocimientos complejos. Una herramienta valiosa para quienes desean contribuir al ecosistema de la seguridad inform\u00e1tica con contenidos de calidad. Descubre c\u00f3mo mejorar tus publicaciones y aportar valor aqu\u00ed \ud83d\udc49 https://djar.co/u2Dz", "creation_timestamp": "2026-04-29T11:01:25.941480Z"}, {"uuid": "f79d71d9-c6a1-4a54-8d58-f3b1e647db1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkmcmewrl7e2", "content": "", "creation_timestamp": "2026-04-29T04:54:32.704415Z"}, {"uuid": "1b661b31-f105-4792-900c-7d4b485f93d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mklcdkwrnm27", "content": "", "creation_timestamp": "2026-04-28T19:16:57.213603Z"}, {"uuid": "99a32940-7e53-4748-91aa-e908badc347e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3mkmxwbz4j227", "content": "Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and\n GitHub Enterprise Server (CVE-2026-3854)\nwww.wiz.io/blog/github-...", "creation_timestamp": "2026-04-29T11:15:57.355699Z"}, {"uuid": "b4b63a87-003c-471c-af8d-324af0b57918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mklcom57e72x", "content": "", "creation_timestamp": "2026-04-28T19:23:07.411862Z"}, {"uuid": "342b0526-cf6b-47d4-a378-b4205ffe10ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/intcyberdigest.bsky.social/post/3mklcv3eku22f", "content": "", "creation_timestamp": "2026-04-28T19:26:49.540490Z"}, {"uuid": "d9c6abd9-3ac5-4bbf-99ee-f69a515df959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mklcrivqwf2e", "content": "", "creation_timestamp": "2026-04-28T19:24:44.588133Z"}, {"uuid": "7b4cc3b5-a592-49ff-a615-540ac79bff6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/betterhn300.e-work.xyz/post/3mkmgs7ogtg2e", "content": "", "creation_timestamp": "2026-04-29T06:09:23.162594Z"}, {"uuid": "91611fd4-53f3-4d30-a208-1cd0ef31f91c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mkldguqcx424", "content": "", "creation_timestamp": "2026-04-28T19:36:41.153596Z"}, {"uuid": "8457ffaa-45f4-4a20-ade1-8be6e5ffcdf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/intcyberdigest.bsky.social/post/3mklcuzutj22f", "content": "", "creation_timestamp": "2026-04-28T19:26:48.973623Z"}, {"uuid": "60befb3b-1512-4f70-88c5-851ec0d2f02a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mklfcphfn62g", "content": "", "creation_timestamp": "2026-04-28T20:10:08.750167Z"}, {"uuid": "5cfe9809-3b69-4c0d-acef-4420146fad24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/timb.me.uk/post/3mkldszymesk2", "content": "", "creation_timestamp": "2026-04-28T19:43:32.649302Z"}, {"uuid": "2328234b-f0f4-461f-88d1-244eb7934448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkle5s7l2ts2", "content": "", "creation_timestamp": "2026-04-28T19:49:31.592993Z"}, {"uuid": "13c1f9ca-0f7f-4e22-80f3-d9adee536297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hackernewsrobot.bsky.social/post/3mklfdkzwzz2o", "content": "", "creation_timestamp": "2026-04-28T20:10:38.358899Z"}, {"uuid": "65d5b294-5b7d-4235-965b-4a1ee2d98a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mklegblfaq2q", "content": "", "creation_timestamp": "2026-04-28T19:54:15.276218Z"}, {"uuid": "4bdd6d71-ef93-4b14-8604-8180dfb4ae65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3mklereo7342t", "content": "", "creation_timestamp": "2026-04-28T20:00:31.458080Z"}, {"uuid": "c599598f-d949-41ec-ac33-01fb7bb44a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cybersecurity.page/post/3mklh4keegt24", "content": "", "creation_timestamp": "2026-04-28T20:42:29.783260Z"}, {"uuid": "b9a01c0d-5b8e-40e6-b227-79e9f8ef215f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mkmjoxh6ld2h", "content": "CVE-2026-3854 emerged to remind us that GitHub and its Enterprise variant are about as secure as a screen door on a submarine during a storm. This little oversight potentially handed the keys to millions of repositories to anyone with a passing interest, making the very foundatio...\n\nRead full story", "creation_timestamp": "2026-04-29T07:01:14.433339Z"}, {"uuid": "6e71de48-ea96-49fe-be15-c285fa264316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkmldbdkn322", "content": "GitHub CRITICAL vuln (CVE-2026-3854): Push access = RCE on backend servers. Millions of repos exposed. Patch Enterprise Server now. GitHub.com already fixed. Details: https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Security", "creation_timestamp": "2026-04-29T07:30:30.906130Z"}, {"uuid": "521a4236-2552-44e4-bdd4-f74998b82218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mkmhbrwz622g", "content": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push reconbee.com/researchers-...\n\n#GitHub #RCEFlaw #singlegitpush #gitpush #cyberattack", "creation_timestamp": "2026-04-29T06:18:10.372608Z"}, {"uuid": "297e4dfd-a691-43b3-8b75-4e4d7b7f34f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/it4intserver.bsky.social/post/3mklg4lk7i72u", "content": "", "creation_timestamp": "2026-04-28T20:24:37.599000Z"}, {"uuid": "ad5c3ec2-a67a-4dac-b29f-19be0ce3d010", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mklibombhw2u", "content": "", "creation_timestamp": "2026-04-28T21:03:16.463145Z"}, {"uuid": "2b70c24a-5f1e-4678-bb67-f705a372e212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hakksaww.bsky.social/post/3mkliaeinqv2f", "content": "", "creation_timestamp": "2026-04-28T21:02:31.634022Z"}, {"uuid": "0002179d-459b-43c6-a357-0979f1642d30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mkmmz3i4nx2c", "content": "Just ONE Command Can OWN Your GitHub Server \u2014 CVE-2026-3854 Drops a Critical RCE Bombshell +\u00a0Video\n\nIntroduction: A recently disclosed critical remote code execution (RCE) vulnerability, designated CVE-2026-3854, silently lurked within GitHub\u2019s core `git` infrastructure, impacting GitHub.com,\u2026", "creation_timestamp": "2026-04-29T08:00:41.161902Z"}, {"uuid": "b1fb8c3e-0b69-42be-9851-e606176f56cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mklidl23ije2", "content": "", "creation_timestamp": "2026-04-28T21:04:22.439391Z"}, {"uuid": "7a8fac44-7c2f-4876-ba6d-ddd6ed78f6e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkml2h3tpvi2", "content": "Critical GitHub Vulnerability Exposed Millions of Repositories The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. The post Critical GitHub Vul...\n\n#Vulnerabilities #GitHub #remote #code #execution #vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-29T07:25:45.034113Z"}, {"uuid": "7bcb183b-e2e4-4834-bdfe-088ae99f6ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://gist.github.com/nilayparikh/cbd472a5d8647e4ad64a42f0a2e41fb2", "content": "", "creation_timestamp": "2026-04-28T21:10:43.000000Z"}, {"uuid": "24613073-2d23-4973-9327-d030a0f24065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/techpresso.bsky.social/post/3mkmleub7ns2f", "content": "Wiz Research discovered a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854, exploitable through a single git push.", "creation_timestamp": "2026-04-29T07:31:23.133587Z"}, {"uuid": "bb7204cb-a1e4-4e37-b7eb-0abb4a24a8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116486820823673065", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Infosec", "creation_timestamp": "2026-04-29T07:30:28.325278Z"}, {"uuid": "ec96433d-0ebc-403f-8015-069e249d5c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/rhosoi.bsky.social/post/3mkmlign4rk2j", "content": "CVE-2026-3854\n\n\u3053\u308cGHES\u91d1\u6255\u3063\u3066\u30bb\u30eb\u30d5\u30db\u30b9\u30c8\u3057\u3066\u308b\u4f01\u696d\u306b\u306f\u5b9f\u8cea\u30bc\u30ed\u30c7\u30a4\u307f\u305f\u3044\u306a\u3082\u3093\u306a\u306e\u3067\u306f\uff1f\n\n\u307e\u3042\u305b\u3044\u305c\u3044\u88ab\u5bb3\u304c\u51fa\u307e\u305b\u3093\u3088\u3046\u306b\u3068\u7948\u308b\u3057\u304b\u7121\u3044\u3002\u3002\u3002", "creation_timestamp": "2026-04-29T07:33:29.079147Z"}, {"uuid": "e7ab8ed2-4a3f-4dbc-8703-baf343e02be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://infosec.exchange/users/wiz/statuses/116483081129277482", "content": "", "creation_timestamp": "2026-04-28T15:39:25.346985Z"}, {"uuid": "48b8545d-8925-48ea-98ed-7ae4ea38a980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mkmlv6sina2t", "content": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-04-29T07:40:31.456445Z"}, {"uuid": "2ffdcd20-9628-4cb5-8a8d-64037981e1a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mkllzbwnek2m", "content": "", "creation_timestamp": "2026-04-28T22:10:09.796185Z"}, {"uuid": "67e6c91e-1388-49b8-a7ce-51941be9b90e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/startuphub.bsky.social/post/3mkkxjyl53c2i", "content": "", "creation_timestamp": "2026-04-28T16:03:41.402338Z"}, {"uuid": "72d9362c-a442-4cb5-8696-cab6f405d750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkljptlec42s", "content": "", "creation_timestamp": "2026-04-28T21:29:06.047402Z"}, {"uuid": "fc3cfa17-8d64-422e-8496-d4ada07b09de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3mkmn2bi2bc2v", "content": "\u26a0\ufe0f GitHub - CVE-2026-3854\n\nCette faille de s\u00e9curit\u00e9 permet de prendre le contr\u00f4le d'un serveur via un git push. GitHub .com est affect\u00e9, tout comme GitHub Enterprise Server.\n\nPlus d'infos par ici \ud83d\udc47 \n- www.it-connect.fr/cette-faille...\n\n#github #infosec #cybersecurite", "creation_timestamp": "2026-04-29T08:01:16.629743Z"}, {"uuid": "2bfb07c1-f01d-4c1d-9a13-5472574bc662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mkmnccusbh2v", "content": "GitHub.com\u3068GitHub Enterprise Server\u306b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027(CVE-2026-3854)\u304c\u3042\u308a\u3001\u6570\u767e\u4e07\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u5f71\u97ff\u3092\u53d7\u3051\u307e\u3059\u3002", "creation_timestamp": "2026-04-29T08:05:45.803796Z"}, {"uuid": "bc35957a-4d53-4d5d-8771-7163be9d1567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hot.hn/post/3mklk77qrvq23", "content": "", "creation_timestamp": "2026-04-28T21:37:40.514033Z"}, {"uuid": "f4c31ac8-8c47-4664-9e59-4d39ea55f7e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mkmpjkt2vw2i", "content": "Critical GitHub RCE Vulnerability in Git Push Pipeline (CVE-2026-3854) #patchmanagement", "creation_timestamp": "2026-04-29T08:45:36.131961Z"}, {"uuid": "7c0fa7d0-2296-48fa-ad15-2636bfcad488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/116484553850510231", "content": "", "creation_timestamp": "2026-04-28T21:54:00.026177Z"}, {"uuid": "d6e4d570-1397-4ff2-bdbd-80571ee74838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/topickapp.bsky.social/post/3mkmowtaspn2w", "content": "https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854\nWiz Research\u304cGitHub\u306eRCE\u8106\u5f31\u6027CVE-2026-3854\u3092\u767a\u898b\u3057\u307e\u3057\u305f\u3002\nGitHub\u306egit\u30a4\u30f3\u30d5\u30e9\u306b\u91cd\u5927\u306a\u6b20\u9665\u304c\u3042\u308a\u3001\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u5371\u967a\u6027\u304c\u3042\u308a\u307e\u3059\u3002\n\u8106\u5f31\u6027\u7ba1\u7406\u306e\u30ea\u30b9\u30af\u30d9\u30fc\u30b9\u512a\u5148\u9806\u4f4d\u4ed8\u3051\u304c\u91cd\u8981\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002", "creation_timestamp": "2026-04-29T08:35:08.514458Z"}, {"uuid": "bcc9492f-3a84-49de-a610-ac24c8983edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/flipso.com/post/3mklnpeogzc2w", "content": "", "creation_timestamp": "2026-04-28T22:40:24.430317Z"}, {"uuid": "94b8f256-6390-4ba6-a92a-2f0e0a90f5a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mkll4enhm7o2", "content": "", "creation_timestamp": "2026-04-28T21:54:07.754996Z"}, {"uuid": "736d450d-716b-40b9-afdb-c6c4dacd42ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mklkmvxl5j2k", "content": "", "creation_timestamp": "2026-04-28T21:45:20.893939Z"}, {"uuid": "8b98653f-1a9c-406d-9451-48b72b534d51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3mkmou4yyr22n", "content": " \u26a0\ufe0f #GitHub: Wiz uncovers Remote Code Execution #RCE vulnerability in GitHub(.com) and GitHub Enterprise Server (CVE-2026-3854):\n\n\ud83d\udc47\n\nwww.wiz.io/blog/github-...", "creation_timestamp": "2026-04-29T08:33:37.705904Z"}, {"uuid": "5c0427d5-3bde-460e-a29e-99767810be63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/tomoyamachi.bsky.social/post/3mklo6bvbl42w", "content": "", "creation_timestamp": "2026-04-28T22:48:44.144725Z"}, {"uuid": "96fe29f8-f474-4a68-9636-1d2f142c146c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116483284337537623", "content": "", "creation_timestamp": "2026-04-28T16:34:48.559607Z"}, {"uuid": "62b80a1d-1165-4650-80e5-29d0a10f7f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mkl3h25zbk2z", "content": "", "creation_timestamp": "2026-04-28T17:13:45.733796Z"}, {"uuid": "a2946d6b-57f9-4a4a-9fba-6904461e423b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hncompanion.com/post/3mkmqdn2b3t2y", "content": "GitHub RCE Vulnerability: CVE-2026-3854 Breakdown\nView Article | Join the HN Conversation\n\nSummary of HN discussion \ud83e\uddf5\ud83d\udc47", "creation_timestamp": "2026-04-29T09:00:12.358839Z"}, {"uuid": "d4f3e9e0-f80e-4809-94cc-a39254656468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://thehackernews.com/2026/04/researchers-discover-critical-github.html", "content": "", "creation_timestamp": "2026-04-28T16:19:00.000000Z"}, {"uuid": "6b79f7de-c8c7-40a8-bf1d-aa15da4c60df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/newsyc200.bsky.social/post/3mklq46vh3b2q", "content": "", "creation_timestamp": "2026-04-28T23:23:22.083813Z"}, {"uuid": "92af9c23-5015-4a90-99e1-924ca83cd9c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mklq7c2n2o2w", "content": "", "creation_timestamp": "2026-04-28T23:25:05.550551Z"}, {"uuid": "501c7735-4406-4511-a997-19569e5ec26c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mkl6euqw752g", "content": "", "creation_timestamp": "2026-04-28T18:06:05.495828Z"}, {"uuid": "162c9995-9bdd-4af2-aa68-5c8602d6782c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/cyberbannews_ir/21461", "content": "\ud83e\ude99 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0631 \u06af\u06cc\u062a\u200c\u0647\u0627\u0628 (GitHub)\u061b \u0645\u06cc\u0644\u06cc\u0648\u0646\u200c\u0647\u0627 \u0645\u062e\u0632\u0646 \u062f\u0631 \u0645\u0639\u0631\u0636 \u062e\u0637\u0631\n\n\ud83d\udd3a\u067e\u0698\u0648\u0647\u0634\u06af\u0631\u0627\u0646 \u0634\u0631\u06a9\u062a \u0648\u06cc\u0632 (Wiz) \u0627\u0632 \u06a9\u0634\u0641 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0633\u06cc\u0627\u0631 \u062e\u0637\u0631\u0646\u0627\u06a9 \u062f\u0631 \u06af\u06cc\u062a\u200c\u0647\u0627\u0628 (GitHub) \u062e\u0628\u0631 \u062f\u0627\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 \u0633\u06cc\u200c\u0648\u06cc\u200c\u0627\u06cc-\u06f2\u06f0\u06f2\u06f6-\u06f3\u06f8\u06f5\u06f4 (CVE-2026-3854) \u062b\u0628\u062a \u0634\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a\u200c\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0627\u062f \u062a\u0646\u0647\u0627 \u0628\u0627 \u06cc\u06a9 \u062f\u0633\u062a\u0648\u0631 \u00ab\u06af\u06cc\u062a \u067e\u0648\u0634\u00bb (git push)\u060c \u0631\u0648\u06cc \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u067e\u0634\u062a\u06cc\u0628\u0627\u0646 \u06af\u06cc\u062a\u200c\u0647\u0627\u0628 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f.\n\n\ud83d\udd3a\u06af\u06cc\u062a\u200c\u0647\u0627\u0628 \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0647\u200c\u0633\u0631\u0639\u062a \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0631\u0631\u0633\u06cc\u200c\u0647\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627\u06a9\u0646\u0648\u0646 \u0646\u0634\u0627\u0646\u0647\u200c\u0627\u06cc \u0627\u0632 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0648\u0627\u0642\u0639\u06cc \u0645\u0634\u0627\u0647\u062f\u0647 \u0646\u0634\u062f\u0647 \u0627\u0633\u062a. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u06af\u0632\u0627\u0631\u0634 \u0648\u06cc\u0632 \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u06f8\u06f8 \u062f\u0631\u0635\u062f \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u06af\u06cc\u062a\u200c\u0647\u0627\u0628 \u0627\u06cc\u0646\u062a\u0631\u067e\u0631\u0627\u06cc\u0632 \u0633\u0631\u0648\u0631 (GitHub Enterprise Server) \u0647\u0646\u0648\u0632 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0646\u0634\u062f\u0647\u200c\u0627\u0646\u062f \u0648 \u0647\u0645\u0686\u0646\u0627\u0646 \u062f\u0631 \u0645\u0639\u0631\u0636 \u062e\u0637\u0631 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u0646\u062f.\n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83d\udd39\ud83d\udd39 @cyberbannews_ir", "creation_timestamp": "2026-04-29T08:09:37.000000Z"}, {"uuid": "bd22032f-893f-46c3-accf-8e2a58861db0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/338", "content": "Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)\n\nBy exploiting an injection flaw in GitHub's internal protocol, any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git push command - using nothing but a standard git client.", "creation_timestamp": "2026-04-29T06:52:41.000000Z"}, {"uuid": "fae91714-1a3b-4a14-9c69-5267d98c8c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkl5c74uc5p2", "content": "", "creation_timestamp": "2026-04-28T17:46:53.487549Z"}, {"uuid": "f5cd9e22-40bb-4d70-a4b5-72ab278f1f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/betterhn20.e-work.xyz/post/3mkl6zguixc2y", "content": "", "creation_timestamp": "2026-04-28T18:17:36.571727Z"}, {"uuid": "f0b679a2-1269-463a-978e-e0488daba0f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://mstdn.social/users/jschauma/statuses/116485194693310326", "content": "", "creation_timestamp": "2026-04-29T00:36:56.474245Z"}, {"uuid": "1859a386-db41-458e-be7a-c226ec357cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mkl4wwu3ed2o", "content": "", "creation_timestamp": "2026-04-28T17:40:24.222804Z"}, {"uuid": "1dfa2f87-13df-40f8-90a8-6523fbabf706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/GithubRedTeam/81978", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-3854\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 5kr1pt\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-28 20:17:47\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-28T21:00:04.000000Z"}, {"uuid": "c361009c-f275-464d-bff4-b8208d473a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/ctinow/249480", "content": "CVE-2026-3854 GitHub flaw enables remote code execution\nhttps://ift.tt/70dHBYa", "creation_timestamp": "2026-04-28T21:09:24.000000Z"}, {"uuid": "0b18a267-f047-4918-b1e5-42dd6e36b344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mkl4xmc4rz2t", "content": "", "creation_timestamp": "2026-04-28T17:40:48.026736Z"}, {"uuid": "db1d5ff9-07a8-446a-b221-3bda3d95be70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/39923", "content": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push \u2013 thehackernews.com\n\nWed, 29 Apr 2026 02:19:00", "creation_timestamp": "2026-04-28T20:03:23.000000Z"}, {"uuid": "13c2f7cb-c12d-4ea6-8390-69dc74a540a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10009", "content": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push \u2013 thehackernews.com\n\nWed, 29 Apr 2026 02:19:00", "creation_timestamp": "2026-04-28T20:03:23.000000Z"}, {"uuid": "8338feef-6831-46c6-874b-441014e14bd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/ctinow/249473", "content": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push\nhttps://ift.tt/G52xsnC", "creation_timestamp": "2026-04-28T19:14:13.000000Z"}, {"uuid": "911b8e60-ed7b-47b9-ba65-dc8e5c7112b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkl7hemno6y2", "content": "", "creation_timestamp": "2026-04-28T18:25:24.992323Z"}, {"uuid": "86d89bb9-697e-4198-9a01-f8664d706437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/jschauma.mstdn.social.ap.brid.gy/post/3mklua5xv7o52", "content": "", "creation_timestamp": "2026-04-29T00:37:18.842835Z"}, {"uuid": "768c135f-f904-4db2-b4ff-36534c78032e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mklbfg6gmn2x", "content": "", "creation_timestamp": "2026-04-28T19:00:05.291859Z"}, {"uuid": "fafd2539-de2f-4626-86a0-ee827af238e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mklbfgb4ew2r", "content": "", "creation_timestamp": "2026-04-28T19:00:05.871885Z"}, {"uuid": "8c31f3c6-71fb-4aa5-ac11-623218be9c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3mkl63udayc25", "content": "", "creation_timestamp": "2026-04-28T18:01:02.975672Z"}, {"uuid": "623f2b48-7bf2-4e87-aa3c-1583d17e5935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/", "content": "", "creation_timestamp": "2026-04-28T13:30:00.000000Z"}, {"uuid": "e0e32287-adad-4f2b-81c6-43bd6ca91049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3mklbqni45v26", "content": "", "creation_timestamp": "2026-04-28T19:06:22.073368Z"}, {"uuid": "f7ba9085-4240-4602-b941-fffeb75d269e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mkla6o2bfk2d", "content": "", "creation_timestamp": "2026-04-28T18:38:33.230740Z"}, {"uuid": "6406f328-3d2c-43e6-b034-00efe87de315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mklxvq4ssk2w", "content": "", "creation_timestamp": "2026-04-29T01:42:55.721067Z"}, {"uuid": "ff57b2d2-8b3f-4a8a-8d96-df2dfb2811e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/newsyc250.bsky.social/post/3mklzm6ydil2d", "content": "", "creation_timestamp": "2026-04-29T02:13:22.066809Z"}, {"uuid": "dc0f3c36-5af7-435b-b249-e96124b6556b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mklwe237iu2m", "content": "", "creation_timestamp": "2026-04-29T01:15:07.785609Z"}, {"uuid": "aac52a88-ade5-4d03-bdb6-62595d723cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3mklbagj3fj2c", "content": "", "creation_timestamp": "2026-04-28T18:57:17.945561Z"}, {"uuid": "3fe9c883-0b91-42c5-b214-a24d098804de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cyberwarriorsme.bsky.social/post/3mkmzcz5wym2a", "content": "GitHub Resolves Critical RCE Vulnerability CVE-2026-3854 in Under Two Hours", "creation_timestamp": "2026-04-29T11:40:55.250341Z"}, {"uuid": "c66ba1ae-512e-4191-bb3e-73cacf0a72b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkm4jcdxeh2a", "content": "", "creation_timestamp": "2026-04-29T03:05:26.532316Z"}, {"uuid": "4e1d7bb3-8bd5-44d0-93b5-8a8d0c28e347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkm4mcvafb25", "content": "", "creation_timestamp": "2026-04-29T03:07:08.958489Z"}, {"uuid": "a57ffa14-1c27-4fcb-979c-2c56525e5cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkm4wqym4d2s", "content": "", "creation_timestamp": "2026-04-29T03:12:58.363956Z"}, {"uuid": "01f63b86-4678-4c8d-93ac-1cbc85e5719b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hn.rbrt.fr/post/3mkm6772si32y", "content": "", "creation_timestamp": "2026-04-29T03:35:34.955880Z"}, {"uuid": "c836ae99-3668-4ba4-aabb-fbd7940329fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkm772ki4724", "content": "", "creation_timestamp": "2026-04-29T03:53:25.430253Z"}, {"uuid": "bc0cb109-cf7b-4d91-b7c1-9d55c8bd61d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hacker-news-jp.bsky.social/post/3mkmzjpbdex2n", "content": "\ud83d\udca1 Summary: \n\nWiz Research \u304c GitHub \u306e\u5185\u90e8 git \u30a4\u30f3\u30d5\u30e9\u306b\u6df1\u523b\u306a\u8106\u5f31\u6027 CVE-2026-3854 \u3092\u767a\u898b\u3002\u8a8d\u8a3c\u6e08\u307f\u30e6\u30fc\u30b6\u30fc\u304c git push 1 \u56de\u3067\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u304c\u53ef\u80fd\u3067\u3001GitHub Enterprise Server \u3067\u306f\u5168\u30b5\u30fc\u30d0\u30fc\u306e\u4e57\u3063\u53d6\u308a\u3001GitHub.com \u3067\u306f\u5171\u6709\u30b9\u30c8\u30ec\u30fc\u30b8\u30ce\u30fc\u30c9\u4e0a\u306e\u591a\u6570\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u3078\u5f71\u97ff\u3092\u53ca\u307c\u3059\u6050\u308c\u304c\u3042\u308b\u3002GitHub \u306f GitHub.com \u3092\u5373\u6642\u7de9\u548c\u3001GHES \u306b\u306f\u8106\u5f31\u6027\u4fee\u6b63\u3092\u63d0\u4f9b\u3001GHES \u306e\u5f71\u97ff\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306f\u307e\u3060\u591a\u304f\u304c\u8106\u5f31\u3068\u306e\u3053\u3068\u3002", "creation_timestamp": "2026-04-29T11:44:37.932803Z"}, {"uuid": "ba56c638-285f-4705-9bc3-91d4af7b46fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hacker-news-jp.bsky.social/post/3mkmzjh2oss26", "content": "GitHub\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u8106\u5f31\u6027\uff1aCVE-2026-3854\u306e\u8a73\u7d30\u89e3\u8aac\nGitHub RCE Vulnerability: CVE-2026-3854 Breakdown\n\n\ud83d\udd3a 382\n\ud83d\udcac 13\n\ud83d\udd17 HN Post | Article", "creation_timestamp": "2026-04-29T11:44:30.003655Z"}, {"uuid": "23c61788-a1fb-4ba4-bc10-5031b5581ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/bleepingcomputer.com/post/3mkn4plwmx42x", "content": "In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854)\u00a0that could have allowed\u00a0attackers to access millions of private repositories.", "creation_timestamp": "2026-04-29T12:41:37.500105Z"}, {"uuid": "9c7dde8b-9775-4685-b816-e8fd5083810d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hack4career.com/post/3mkn3a5lvca2t", "content": "CVE-2026-3854 Exposes a Critical Weak Point in GitHub\u2019s Git Push Pipeline socradar.io/blog/cve-202...", "creation_timestamp": "2026-04-29T12:15:06.566706Z"}, {"uuid": "9f1cd921-98d7-40ed-81d8-1987fb2be8be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/BleepingComputer/24564", "content": "\u200aGitHub fixes RCE flaw that gave access to millions of private repos\n\nIn early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854)\u00a0that could have allowed\u00a0attackers to access millions of private repositories. [...]\n\nhttps://www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/", "creation_timestamp": "2026-04-29T13:16:00.000000Z"}, {"uuid": "0cf93891-e5ef-43e3-9fbb-6e1c146a6b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/eltableroglobal.bsky.social/post/3mknbyp3en62t", "content": "GitHub RCE Vulnerability: CVE-2026-3854 Breakdown\n\nArticle URL: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 Comments URL: https://news.ycombinator.com/item?id=47936479 Points: 397 # Comments: 85\n\nFuente: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854", "creation_timestamp": "2026-04-29T14:16:11.625460Z"}, {"uuid": "7ed8a7ec-7916-4ed0-af91-e74428fc40d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mknch4vcq22x", "content": "88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)\n\n\ud83d\udd17 Read more: www.helpnetsecurity.com/2026/04/29/c...\n\n#GitHub #vulnerability #cybersecurity", "creation_timestamp": "2026-04-29T14:24:20.324321Z"}, {"uuid": "5ead76be-c3f9-4ee8-8e6a-2c9a5a305dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mknb42xfts2x", "content": "GitHub Enterprise \u3092\u5229\u7528\u3057\u3066\u3044\u308b\u65b9\u306f\u304a\u65e9\u3081\u306b\u3002\n\nGitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog \nwww.wiz.io/blog/github-...", "creation_timestamp": "2026-04-29T14:00:17.787284Z"}, {"uuid": "4adc64ec-a0d1-441b-8283-1a39fae4efe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/geeknewsbot.bsky.social/post/3mknehcokdz2c", "content": "GitHub \uc6d0\uaca9 \ucf54\ub4dc \uc2e4\ud589 \ucde8\uc57d\uc810: CVE-2026-3854 \ubd84\uc11d\n\ngit push \uacbd\ub85c\uc758 \ub0b4\ubd80 \ud504\ub85c\ud1a0\ucf5c \uacb0\ud568 \ub9cc\uc73c\ub85c \ubc31\uc5d4\ub4dc\uc5d0\uc11c \uc6d0\uaca9 \ucf54\ub4dc \uc2e4\ud589\uc774 \uac00\ub2a5\ud588\uace0, GitHub.com\uc740 \uc774\ubbf8 \uc644\ud654\ub410\uc9c0\ub9cc GHES \ub294 \ud328\uce58 \uc801\uc6a9\uc774 \ud544\uc694\ud568 \uc0ac\uc6a9\uc790 \uc81c\uc5b4 \uc785\ub825\uc778 push option \uc774 X-Stat \ud5e4\ub354\uc5d0 \uadf8\ub300\ub85c \ub4e4\uc5b4\uac00\uba74\uc11c \uc138\ubbf8\ucf5c\ub860 \ud558\ub098\ub85c ...", "creation_timestamp": "2026-04-29T15:00:09.037600Z"}, {"uuid": "3d8b798a-5a47-477b-af83-3f1970fcf139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkngjfxq622h", "content": "\ud83d\udccc GitHub Vulnerability CVE-2026-3854 Exploitable via Simple Git Push Command https://www.cyberhub.blog/article/24958-github-vulnerability-cve-2026-3854-exploitable-via-simple-git-push-command", "creation_timestamp": "2026-04-29T15:37:08.289303Z"}, {"uuid": "1a8be346-98cb-4a1d-8b2d-c4028d774281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/true_secator/8156", "content": "GitHub \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2026-3854), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430\u043c \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432.\n\n\u041e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0435\u0449\u0435 4 \u043c\u0430\u0440\u0442\u0430 2026 \u0433\u043e\u0434\u0430 \u043e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Wiz \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a GitHub.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 GitHub,\u00a0\u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 40 \u043c\u0438\u043d\u0443\u0442, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0430 GitHub.com \u043c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u0434\u0432\u0430 \u0447\u0430\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.\n\nCVE-2026-3854 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud \u0441 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445, GitHub Enterprise Cloud \u0441 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f \u0438 GitHub Enterprise Server.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0434\u043d\u043e\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u044b git push, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043d\u0430 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u043f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u043a \u0447\u0430\u0441\u0442\u043d\u044b\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u043c \u043d\u0430 GitHub.com \u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c GitHub Enterprise.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u043a\u0430\u043a GitHub \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 git push: \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442\u0441\u044f \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0435\u0437 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0434\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043d\u0438\u0436\u0435\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u0441\u0435\u0440\u0432\u0438\u0441.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 \u00ab\u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b\u00bb \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0435\u043c push-\u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435, \u043f\u0443\u0442\u0435\u043c \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u044b\u0445 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443.\n\n\u041a\u0430\u043a \u0437\u0430\u044f\u0432\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Wiz, \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u043a\u043e\u0434\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435\u0445 \u043a\u0440\u0443\u043f\u043d\u0435\u0439\u0448\u0438\u0445 \u043c\u0438\u0440\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0435\u0451 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0444\u0435\u0440\u0435 SaaS, \u043a\u043e\u0433\u0434\u0430-\u043b\u0438\u0431\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445.\n\n\u041d\u0430 GitHub.com \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0443\u0437\u043b\u0430\u0445 \u043e\u0431\u0449\u0435\u0433\u043e \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Wiz \u0442\u0430\u043a\u0436\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u0442\u044c, \u0447\u0442\u043e \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 \u0431\u044b\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0443\u0437\u043b\u0430\u0445.\n\n\u041d\u0430 GitHub Enterprise Server \u0442\u0430 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u043e \u0432\u0441\u0435\u043c \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u044b\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u043c \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u043a\u0440\u0435\u0442\u0430\u043c.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e GitHub \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u044d\u0442\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 GitHub.com \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 6 \u0447\u0430\u0441\u043e\u0432, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c GitHub Enterprise Server (GHES) \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043a\u043e\u043b\u043e 88% \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 GHES \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438.\n\n\u0412\u043c\u0435\u0441\u0442\u0435 \u0441 \u0442\u0435\u043c, \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435 \u0432\u044b\u044f\u0432\u0438\u043b\u043e \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u043d\u0435\u0439 Wiz, \u0430 GitHub \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0435 \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u043a\u0430\u0436\u0434\u044b\u0439 \u0441\u043b\u0443\u0447\u0430\u0439 \u0430\u043d\u043e\u043c\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0431\u044b\u043b \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Wiz.\n\n\u041d\u0438\u043a\u0430\u043a\u0438\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u043b\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0435 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043a\u043e\u0434, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0422\u0430\u043a \u0447\u0442\u043e, \u043a\u0430\u043a \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442\u0441\u044f, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2026-3854 \u0434\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043d\u0430 GitHub.com \u043d\u0435 \u0431\u044b\u043b \u043f\u043e\u043b\u0443\u0447\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0438\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0443\u0442\u0435\u0447\u043a\u0430.\n\n\u0414\u043b\u044f GitHub Enterprise Server \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445), \u0432\u0441\u0435\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c GHES \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f.", "creation_timestamp": "2026-04-29T14:45:15.000000Z"}, {"uuid": "2daa36ea-8781-4768-8bdb-6031d05fd5dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://gist.github.com/KenjiChao/9c59f1239349288f3e2a34b8215b5c0c", "content": "", "creation_timestamp": "2026-04-29T17:06:32.000000Z"}, {"uuid": "8312af22-6be2-49c0-9c7a-cd3cbe821a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkniol5hvs2u", "content": "A severe RCE vulnerability (CVE-2026-3854) in GitHub could compromise millions of private repositories. GitHub fixed it fast, but most self-hosted enterprise instances are still exposed. This highlights a major challenge in enterprise\u2026\n\nhttps://www.tpp.blog/1po0oxf\n\n#cybersecurity #github #wiz", "creation_timestamp": "2026-04-29T16:15:47.827516Z"}, {"uuid": "17158829-b148-4dd6-9342-78bfac45bde7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mknnms76t22g", "content": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push\n\nCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain rem\u2026\n#hackernews #news", "creation_timestamp": "2026-04-29T17:44:17.057000Z"}, {"uuid": "6a15d551-1e48-4f2d-8078-a5d90daef666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mknlntohsp2y", "content": "Critical RCE vulnerability CVE-2026-3854 in GitHub's infrastructure could have exposed millions of repositories. Update your systems now to stay secure. #GitHub #CyberSecurity #RCE Link: thedailytechfeed.com/github-vulne...", "creation_timestamp": "2026-04-29T17:09:05.539397Z"}, {"uuid": "34dfc44a-e5c6-4859-adb5-73909d58de2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/laresai.danielesalatti.it/post/3mknrgtlwsi2d", "content": "The GitHub trust crisis stopped being a future problem this week. Ghostty leaving (2257pts top-10 HN). \"Before GitHub\" by Armin Ronacher. RCE CVE-2026-3854 still at 313pts after 24h. \"GitHub Actions is the weakest link.\" BookStack already moved. The cascade is the story.", "creation_timestamp": "2026-04-29T18:52:32.574342Z"}, {"uuid": "a22fa7b3-c6a9-4859-9f42-e00647b8bcf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/GithubRedTeam/82085", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-3854-test\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a simondankelmann\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-29 16:53:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-3854 patch bypass testing\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-29T17:00:04.000000Z"}, {"uuid": "f8ab27b5-03ad-4005-a44a-ab588e200d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/ehcgroup.bsky.social/post/3mknrp6vnis2g", "content": "Advierten que el 88% de los servidores GitHub autohospedados est\u00e1n expuestos a la ejecuci\u00f3n remota de c\u00f3digo (CVE-2026-3854).\n\nLa versi\u00f3n en la nube ya est\u00e1 parchada, pero si usas la versi\u00f3n Enterprise Server, \u00a1debes actualizar de inmediato a las versiones corregidas\nwww.linkedin.com/pulse/invest...", "creation_timestamp": "2026-04-29T18:57:14.490588Z"}, {"uuid": "d78170cd-42e2-40b3-9be2-47f4a01a43e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "Telegram/TYuQV-nd2shxDotowQDGMIReMv7gTvEeMY_osL7KThuex0s", "content": "", "creation_timestamp": "2026-04-29T21:00:04.000000Z"}, {"uuid": "c62aff48-c2a0-4087-8f46-d95d397eb1da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "Telegram/tU2jmdbw4RGZTBUbD4dAUWYmR23KETwFYGSN5xZtWnjEejM", "content": "", "creation_timestamp": "2026-04-29T09:00:05.000000Z"}, {"uuid": "55e43e26-7321-453b-87d1-a659781992a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sctocs.bsky.social/post/3mknxntbons2t", "content": "Researchers have uncovered a critical GitHub vulnerability (CVE-2026-3854) allowing remote code execution through a single Git push\nThe flaw could enable attackers to compromise repositories and impact CI/CD pipelines with minimal effort posing a serious supply chain risk\n sctocs.com/github-cve-2...", "creation_timestamp": "2026-04-29T20:43:56.163892Z"}, {"uuid": "ba8344e9-614b-484e-998d-b846e5c7999f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "Telegram/DejYBhAAqmnzlDgPgKJnfj-csYLXEQTMeHlFlO7t5L8Y-g8", "content": "", "creation_timestamp": "2026-04-29T03:00:06.000000Z"}, {"uuid": "60c0b8b3-1c19-493d-a26d-6f55daf07c38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mknylnbgvr2o", "content": "GitHub fixed a critical RCE flaw (CVE-2026-3854) allowing attackers to access millions of private repos via a malicious git push. GitHub.com patched it fast, but many Enterprise Servers remain at risk and need urgent updates. #CVE20263854 #GitHub", "creation_timestamp": "2026-04-29T21:00:29.878908Z"}, {"uuid": "8e7f1478-c4f1-4750-8bb8-2770c9ce256e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkodivmmzgk2", "content": "Critical GitHub flaw CVE-2026-3854 lets attackers execute code with single git push command A critical GitHub vulnerability (CVE-2026-3854) allows authenticated users to execute remote code with a ...\n\n#Data #Breaches #& #Scandals\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T00:15:49.370497Z"}, {"uuid": "0c62c913-2b53-4898-ac3e-fb672af12579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mknzrtgmik2g", "content": "CVE-2026-3854 GitHub flaw enables remote code execution\n\nCritical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code e\u2026\n#hackernews #news", "creation_timestamp": "2026-04-29T21:21:50.822878Z"}, {"uuid": "1e109c3a-8581-454d-8895-7c9f75fcb92e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mkoesviatn2p", "content": "\u7814\u7a76\u8005\u3089\u304c\u3001\u5358\u4e00\u306eGit\u30d7\u30c3\u30b7\u30e5\u3067\u60aa\u7528\u53ef\u80fd\u306aGitHub\u306e\u91cd\u5927\u306aRCE\u8106\u5f31\u6027CVE-2026-3854\u3092\u767a\u898b \n\nResearchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push #HackerNews (Apr 28)\n\nthehackernews.com/2026/04/rese...", "creation_timestamp": "2026-04-30T00:39:17.889786Z"}, {"uuid": "b91713ef-e192-49dc-9665-437a29a3dbce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mkoeuti4av26", "content": "\u7814\u7a76\u8005\u3089\u306f\u3001\u81ea\u5df1\u30db\u30b9\u30c8\u578b\u306eGitHub\u30b5\u30fc\u30d0\u30fc\u306e88%\u304c\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306e\u8106\u5f31\u6027\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u308b\u3068\u8b66\u544a\u3057\u3066\u3044\u308b\uff08CVE-2026-3854\uff09 \n\n88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854) #HelpNetSecurity (Apr 29)\n\nwww.helpnetsecurity.com/2026/04/29/c...", "creation_timestamp": "2026-04-30T00:40:22.781827Z"}, {"uuid": "227f8814-0227-452e-8e06-893af66ace2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/simoneb.bsky.social/post/3mkoakcoklj2u", "content": "www.wiz.io/blog/github-...\n\nWiz Research, discovered a critical vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure \n\n$ git push -o '\ud83e\udd2b'\nremote: uid=500(git) gid=500(git) groups=500(git)\n\nletting them inject arbitrary internal fields and override security-critical configuration.", "creation_timestamp": "2026-04-29T23:22:54.331681Z"}, {"uuid": "fb41a2a5-1fb2-4652-9227-dae17c266e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkokzbugzf2x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 53 interactions\nCVE-2026-3854: 48 interactions\nCVE-2026-42208: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 53 interactions\nCVE-2026-3854: 31 interactions\nCVE-2026-5545: 17 interactions\n", "creation_timestamp": "2026-04-30T02:30:14.331407Z"}, {"uuid": "50f362eb-c73f-45e6-9b3d-4b05d8c2521f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkp2sluooc2g", "content": "GitHub fixes RCE flaw that gave access to millions of private repos\n\nIn early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854)\u00a0that could have allowed\u00a0attackers to access millions of private repositories. [...]\n#hackernews #news", "creation_timestamp": "2026-04-30T07:12:50.236572Z"}, {"uuid": "f264fe43-cfe0-43b1-a698-af6181460214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkoluhkdv222", "content": "GitHub fixed CVE-2026-3854, a critical RCE flaw in both cloud and GitHub Enterprise Server. Authenticated users with write access could execute commands via manipulated git push options. #GitHubSecurity #RCEVulnerability #EnterpriseServer", "creation_timestamp": "2026-04-30T02:45:26.710738Z"}, {"uuid": "d431d6b1-5f51-4b9c-baa3-a68c9831efea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mkoo4xagh52w", "content": "\ud83d\udcf0 GitHub Perbaiki Celah RCE yang Beri Akses ke Jutaan Repositori Pribadi\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/04/30/github-perbaiki-celah-rce-yang-beri-akses-ke-jutaan-repositori-pribadi/\n\n#beritaTeknologi #bugBounty #cve-2026-3854 #gitPush #github #githubEnterpriseServe", "creation_timestamp": "2026-04-30T03:25:58.746422Z"}, {"uuid": "ffc5f69e-77ce-4be7-a577-7e2c90f4c344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkopyzl7lb2i", "content": "The latest update for #CyCognito includes \"Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection\" and \"Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass\".\n \n#cybersecurity #AttackSurfaceManagement https://opsmtrs.com/44Srq0X", "creation_timestamp": "2026-04-30T03:59:34.294183Z"}, {"uuid": "02381192-6f72-41f2-993b-9c756a599953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/ransomnews.online/post/3mkpcuiuvza2a", "content": "\u26a0\ufe0f Git push became backend RCE on GitHub\n\nCVE-2026-3854 let any authenticated user run commands on #GitHub backend servers with a single git push, and Wiz said millions of public and private repos were reachable on affected nodes. \n\n\ud83d\udd17 read more: www.securityweek.com/critical-git...\n\n#ransomNews #rce", "creation_timestamp": "2026-04-30T09:37:04.398373Z"}, {"uuid": "9e1496d6-a567-4ad6-9bcb-0f070477cd9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3mkq5d5xf5u22", "content": "GitHub CVE-2026-3854: A single git push could have compromised millions of repos. 88% of enterprise servers still unpatched. https://www.hexon.bot/blog/github-cve-2026-3854-rce-single-git-push #AISecurity #GitHub #CVE", "creation_timestamp": "2026-04-30T17:30:32.849932Z"}, {"uuid": "bd910664-e24b-4f94-89c0-a9c022a2081f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwyetu2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:11.991382Z"}, {"uuid": "95fcd62e-9c73-4b3c-b177-38c1faaeeafc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy6yc2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:03.299486Z"}, {"uuid": "b5102d75-6317-4009-80b3-3beaa2f0d098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwybw32q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:08.554981Z"}, {"uuid": "2b2d8c15-4797-42f7-a7e0-70322882234c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwybw42q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:10.307939Z"}, {"uuid": "665b443b-3bde-490a-a280-2727a0e9e7ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy7xk2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:04.962789Z"}, {"uuid": "9d7224b3-15ee-4ead-af44-6e628f48e1cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwybw22q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:06.879939Z"}, {"uuid": "c83eaa07-8ff3-4b72-b98d-0b1400cb9d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/lu1tr0n.bsky.social/post/3mkppbgqghh2v", "content": "GitHub parch\u00f3 CVE-2026-3854: un solo `git push` daba RCE y expon\u00eda millones de repositorios\n\n\nhttps://elsolitario.org/2026/04/30/github-parcho-cve-2026-3854-un-solo-git-push-daba-rce-y-exponia-millones-de-repo/?utm_source=bluesky&utm_medium=social&utm_campaign=programacion", "creation_timestamp": "2026-04-30T13:19:04.951321Z"}, {"uuid": "1d3864e8-cbf8-4323-a9b0-ae590b655d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3mkpppwqdmn2n", "content": "GitHub yesterday disclosed CVE-2026-3854, a high severity (8.7 CVSS) vulnerability identified in GitHub Enterprise Server that would grant an attacker with push access to a repository to achieve remote code execution.", "creation_timestamp": "2026-04-30T13:27:09.725336Z"}, {"uuid": "23103cc7-a66b-4936-b3eb-a1f17f4fe891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116494203178194408", "content": "\ud83d\udcf0 Critical GitHub RCE Flaw (CVE-2026-3854) Allowed Full Server Compromise via Single 'git push'\n\ud83d\udca5 Critical RCE flaw in GitHub (CVE-2026-3854) allowed repo access via a single `git push` command! Affects GitHub.com & Enterprise Server. Patches are out, but 88% of internet-facing GHES are still vulnerable. #GitHub #RCE #DevSecOps\n\ud83d\udd17 https://cyber.netsecops.io", "creation_timestamp": "2026-04-30T14:47:54.328158Z"}, {"uuid": "a20557d6-761a-457a-a548-cbed21e1d629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mkpub5liap2q", "content": "\ud83d\udca5 Critical RCE flaw in GitHub (CVE-2026-3854) allowed repo access via a single `git push` command! Affects GitHub.com & Enterprise Server. Patches are out, but 88% of internet-facing GHES are still vulnerable. #GitHub #RCE #DevSecOps", "creation_timestamp": "2026-04-30T14:48:22.911636Z"}, {"uuid": "3e04fdb6-885c-4a4a-ac0f-900a2eea2732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwxrcs2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:12:56.073439Z"}, {"uuid": "0f4a2913-3fdf-486b-b5c7-a81eab31118e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy33c2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:12:58.056702Z"}, {"uuid": "924ae615-d1f6-49ad-9938-77bb7469efb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy42k2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:12:59.760337Z"}, {"uuid": "67b662d9-3ec0-45f7-a501-f81c359890a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy4zs2q", "content": "3/ \ud83d\udc19 GitHub CVE-2026-3854: One \"git push\" = remote code execution. Millions of repos were exposed. GitHub.com patched in 2 hours, but 88% of self-hosted Enterprise servers still vulnerable.", "creation_timestamp": "2026-04-30T15:13:01.412648Z"}, {"uuid": "d0999c5e-17a7-4827-851c-301b112230d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkypwv2eqk2j", "content": "The latest update for #CyCognito includes \"Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF Injection\" and \"Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection\".\n \n#cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X", "creation_timestamp": "2026-05-04T03:25:00.136591Z"}, {"uuid": "41265f7e-5b14-40ae-b6f0-6412281a6767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/habr_com_news/46136", "content": "\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u0440\u0442\u0430 GitHub \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (CVE-2026-3854), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430\u043c \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u0441\u0435\u0440\u0432\u0438\u0441\u044b", "creation_timestamp": "2026-04-30T14:08:26.000000Z"}, {"uuid": "dcba21c7-2a6a-45f7-bd09-62eec4b99292", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkr3im64kw25", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 213 interactions\nCVE-2026-3854: 53 interactions\nCVE-2026-41940: 32 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 160 interactions\nCVE-2026-41940: 31 interactions\nCVE-2025-31431: 29 interactions\n", "creation_timestamp": "2026-05-01T02:30:27.955239Z"}, {"uuid": "9173d31c-29ee-4954-a2b5-4d8488e92733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/thehackernews/8894", "content": "\ud83d\udd25 GitHub RCE via single git push!\n\nCVE-2026-3854: Unsanitized push options let attackers run commands on backend servers, bypassing sandboxing (cross-tenant risk).\n\n\ud83d\udd17 Learn how header injection led to full compromise \u2192 https://thehackernews.com/2026/04/researchers-discover-critical-github.html\n\nPatched within hours.", "creation_timestamp": "2026-04-28T18:23:12.000000Z"}, {"uuid": "87e2cca0-e0d5-4c44-9e3b-338961286bc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3ml3jitnutk2d", "content": "Critical GitHub RCE Vulnerability CVE-2026-3854 Allows Arbitrary Commands\nURL: nvd.nist.gov/vuln/detail/...\nClassification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 8.8", "creation_timestamp": "2026-05-05T06:07:47.266378Z"}, {"uuid": "73718fad-c483-49bc-a5d8-e0da7c366a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/information_security_channel/55192", "content": "Critical GitHub Vulnerability Exposed Millions of Repositories\nhttps://www.securityweek.com/critical-github-vulnerability-exposed-millions-of-repositories/\n\nThe remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.\nThe post Critical GitHub Vulnerability Exposed Millions of Repositories (https://www.securityweek.com/critical-github-vulnerability-exposed-millions-of-repositories/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-04-29T07:07:15.000000Z"}, {"uuid": "69b4cc9e-fd2d-4bb4-a58e-708ea04bbad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/codeby_sec/10084", "content": "\u041e\u0434\u0438\u043d git push \u2014 \u0438 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0447\u0443\u0436\u0438\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 \u0443 \u0442\u0435\u0431\u044f \u0432 \u043a\u0430\u0440\u043c\u0430\u043d\u0435\n\n\u0412 \u043c\u0430\u0440\u0442\u0435 2026 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u0430 Wiz Research \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0440\u0435\u043f\u043e\u0440\u0442 \u0432 GitHub Bug Bounty. \u0427\u0435\u0440\u0435\u0437 40 \u043c\u0438\u043d\u0443\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0435\u0440\u0435\u0437 \u0434\u0432\u0430 \u0447\u0430\u0441\u0430 \u043d\u0430 github.com \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447. \u0421\u043a\u043e\u0440\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043a\u0446\u0438\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u043e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b: \u043e\u0434\u0438\u043d crafted push option \u0434\u0430\u0432\u0430\u043b RCE \u043d\u0430 \u0431\u044d\u043a\u0435\u043d\u0434-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u043c \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u043c \u0447\u0443\u0436\u0438\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439. \u041d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f 88% self-hosted GHES-\u0438\u043d\u0441\u0442\u0430\u043d\u0441\u043e\u0432 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b.\n\n\u041d\u043e \u0441\u0430\u043c\u043e\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 \u0442\u0443\u0442 \u2014 \u043d\u0435 \u0441\u0430\u043c\u0430 \u0434\u044b\u0440\u0430, \u0430 \u0442\u043e, \u043a\u0430\u043a \u0435\u0451 \u043d\u0430\u0448\u043b\u0438.\n\n\ud83d\udd0d \u0410\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0434\u0432\u0435\u043b\u0430\n\n\u041a\u043e\u0433\u0434\u0430 \u0442\u044b \u0434\u0435\u043b\u0430\u0435\u0448\u044c git push \u043d\u0430 GitHub \u0447\u0435\u0440\u0435\u0437 SSH, \u0437\u0430\u043f\u0440\u043e\u0441 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0438\u0437 \u0447\u0435\u0442\u044b\u0440\u0451\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432: babeld (git-\u043f\u0440\u043e\u043a\u0441\u0438) \u2192 gitauth (\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f) \u2192 gitrpcd (\u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 RPC) \u2192 pre-receive hook. \u041a\u0430\u0436\u0434\u044b\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d \u043d\u0430 \u0441\u0432\u043e\u0451\u043c \u044f\u0437\u044b\u043a\u0435. \u0418 \u043a\u0430\u0436\u0434\u044b\u0439 \u0431\u0435\u0437\u0443\u0441\u043b\u043e\u0432\u043d\u043e \u0434\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u043c\u0443.\n\n\u0421\u0432\u044f\u0437\u0443\u044e\u0449\u0435\u0435 \u0437\u0432\u0435\u043d\u043e \u043c\u0435\u0436\u0434\u0443 \u043d\u0438\u043c\u0438 \u2014 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a X-Stat. \u0424\u043e\u0440\u043c\u0430\u0442 \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432\u043d\u044b\u0439: \u043f\u0430\u0440\u044b key=value, \u0440\u0430\u0437\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u043e\u0439 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439. \u041f\u0430\u0440\u0441\u0438\u043d\u0433 \u2014 \u0442\u0440\u0438\u0432\u0438\u0430\u043b\u044c\u043d\u044b\u0439 split. \u0410 \u0434\u0430\u043b\u044c\u0448\u0435 \u2014 \u0434\u0435\u0442\u0430\u043b\u044c, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432\u0441\u0451 \u0434\u0435\u0440\u0436\u0438\u0442\u0441\u044f: \u0435\u0441\u043b\u0438 \u043a\u043b\u044e\u0447 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442\u0441\u044f \u0434\u0432\u0430\u0436\u0434\u044b, \u0432\u0442\u043e\u0440\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0442\u0438\u0445\u043e \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u043f\u0435\u0440\u0432\u043e\u0435. \u0411\u0435\u0437 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0439, \u0431\u0435\u0437 \u043b\u043e\u0433\u043e\u0432. Last-write-wins.\n\nPush options \u2014 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u0430\u044f \u0444\u0438\u0447\u0430 git-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 (git push -o ). babeld \u043a\u043e\u0434\u0438\u0440\u0443\u0435\u0442 \u0438\u0445 \u043a\u0430\u043a \u043f\u043e\u043b\u044f \u0432 X-Stat. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435. \u0422\u043e\u0447\u043a\u0430 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439 \u043d\u0435 \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f. \u0417\u043d\u0430\u0447\u0438\u0442, \u0447\u0435\u0440\u0435\u0437 push option \u043c\u043e\u0436\u043d\u043e \u0438\u043d\u0436\u0435\u043a\u0442\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f \u0432 X-Stat, \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u044f security-\u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u2014 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c command injection.\n\n\u2699\ufe0f \u041a\u0430\u043a AI \u043f\u043e\u043c\u043e\u0433 \u2014 \u0438 \u0433\u0434\u0435 \u043d\u0435 \u043f\u043e\u043c\u043e\u0433\n\nWiz \u043a\u043e\u043f\u0430\u043b\u0438 GHES \u0438 \u0440\u0430\u043d\u044c\u0448\u0435, \u043d\u043e \u043e\u0431\u044a\u0451\u043c \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0445 \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a\u043e\u0432 \u0434\u0435\u043b\u0430\u043b \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u044b\u0439 \u0430\u0443\u0434\u0438\u0442 \u043d\u0435\u0440\u0435\u043d\u0442\u0430\u0431\u0435\u043b\u044c\u043d\u044b\u043c. \u0414\u0435\u0441\u044f\u0442\u043a\u0438 \u0441\u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u0431\u0435\u0437 \u0438\u0441\u0445\u043e\u0434\u043d\u0438\u043a\u043e\u0432 \u2014 \u0440\u0443\u0447\u043d\u043e\u0439 \u0440\u0435\u0432\u0435\u0440\u0441 \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0432 IDA Pro \u0437\u0430\u043d\u044f\u043b \u0431\u044b \u043c\u0435\u0441\u044f\u0446\u044b.\n\n\u041f\u0440\u043e\u0440\u044b\u0432 \u0441\u043b\u0443\u0447\u0438\u043b\u0441\u044f \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f IDA MCP \u2014 AI-\u0442\u0443\u043b\u0438\u043d\u0433\u0443 \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0435\u0432\u0435\u0440\u0441-\u0438\u043d\u0436\u0438\u043d\u0438\u0440\u0438\u043d\u0433\u0430. \u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0438\u043f\u043e\u0432, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u0440\u0435\u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 \u2014 \u0440\u0443\u0442\u0438\u043d\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u044c\u0448\u0435 \u0437\u0430\u043d\u0438\u043c\u0430\u043b\u0430 \u043d\u0435\u0434\u0435\u043b\u0438 \u043d\u0430 \u043e\u0434\u0438\u043d \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a, \u0443\u0441\u043a\u043e\u0440\u0438\u043b\u0430\u0441\u044c \u043d\u0430 \u043f\u043e\u0440\u044f\u0434\u043e\u043a.\n\n\u041d\u043e \u0432\u043e\u0442 \u0447\u0442\u043e \u0432\u0430\u0436\u043d\u043e: AI \u0443\u0441\u043a\u043e\u0440\u0438\u043b \u0440\u0443\u0442\u0438\u043d\u0443, \u0430 \u043d\u0435 \u043d\u0430\u0448\u0451\u043b \u0431\u0430\u0433. \u041f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0447\u0442\u043e \u0442\u043e\u0447\u043a\u0430 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439 \u0432 shared-\u0444\u043e\u0440\u043c\u0430\u0442\u0435 \u2014 \u0432\u0435\u043a\u0442\u043e\u0440 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438, \u0447\u0442\u043e last-write-wins \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442 field injection \u0432 override security-\u043f\u043e\u043b\u0435\u0439, \u0447\u0442\u043e \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0435 \u043f\u043e\u043b\u0435 rails_env \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 sandbox-\u0440\u0435\u0436\u0438\u043c\u043e\u043c \u2014 \u044d\u0442\u043e \u0447\u0438\u0441\u0442\u044b\u0439 domain expertise. AI \u043d\u0435 \u0432\u044b\u0442\u044f\u043d\u0435\u0442 \u0442\u0430\u043a\u043e\u0435 \u0441\u0430\u043c: \u0435\u043c\u0443 \u043d\u0435 \u0445\u0432\u0430\u0442\u0430\u0435\u0442 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430 \u00ab\u0430 \u0447\u0442\u043e \u0431\u0443\u0434\u0435\u0442, \u0435\u0441\u043b\u0438 \u043f\u0430\u0440\u0441\u0435\u0440 \u0432\u0441\u0442\u0440\u0435\u0442\u0438\u0442 \u0434\u0432\u0430 \u043e\u0434\u0438\u043d\u0430\u043a\u043e\u0432\u044b\u0445 \u043a\u043b\u044e\u0447\u0430\u00bb.\n\n\ud83c\udfaf \u0414\u043b\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0443\u044e\u0449\u0438\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439: \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043b\u044e\u0431\u044b\u043c \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u0430\u043a VM-\u043e\u0431\u0440\u0430\u0437 \u0438\u043b\u0438 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u2014 GitLab Omnibus, Bitbucket Server, Jenkins. \u0414\u043b\u044f SaaS-only \u2014 \u0432\u0435\u043a\u0442\u043e\u0440 \u0437\u0430\u043a\u0440\u044b\u0442.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0444\u043e\u0440\u043c\u0430\u0442\u0430 X-Stat \u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u043b\u043e\u0433\u0438\u0438 \u0440\u0435\u0432\u0435\u0440\u0441\u0430 \u2014 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u043d\u0430 \u0444\u043e\u0440\u0443\u043c\u0435.\n\nhttps://codeby.net/threads/github-enterprise-rce-cve-2026-3854-ot-reversa-zakrytykh-binarnikov-do-polnoi-komprometatsii-servera.92950/", "creation_timestamp": "2026-05-04T10:23:28.000000Z"}, {"uuid": "b497061e-7542-41f7-8ce9-f5aa1f73102c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/devops-daily.com/post/3mkzwsalme32h", "content": "\ud83d\udcdd CVE-2026-3854: A Single git push Owned GitHub\n\nA semicolon in a git push option let any authenticated user run code on GitHub.com's backend and on 88% of self-hosted GitHub Enterprise installs....\n\nRead here: https://devops-daily.com/posts/github-cve-2026-3854-git-push-rce", "creation_timestamp": "2026-05-04T15:00:20.683116Z"}, {"uuid": "f88a7db4-47e5-4eb0-82ec-59cc3aeb4fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml35daxrws2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 540 interactions\nCVE-2026-41940: 82 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 59 interactions\nCVE-2026-41940: 8 interactions\nCVE-2026-22679: 5 interactions\n", "creation_timestamp": "2026-05-05T02:29:53.425199Z"}, {"uuid": "623cfcbd-5c94-4ba5-b304-d28a2386091e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkymuhf3uq2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 481 interactions\nCVE-2026-41940: 74 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 26 interactions\nCVE-2026-41940: 6 interactions\nCVE-2026-5404: 4 interactions\n", "creation_timestamp": "2026-05-04T02:29:57.608241Z"}, {"uuid": "24e09031-a73f-4f7e-b301-2337f3d147b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3ml2nps2yxc2j", "content": "- cPanel CVE-2026-41940 \u2192 'Sorry' ransomware (44k+ IPs) - GitHub RCE CVE-2026-3854 (88% GHES unpatched) \n- APT28 Windows zero-day (KEV) \n- Linux 'Copy Fail' LPE \n- ShinyHunters: Instructure 275M intel.overresearched.net/2026/05/04/c... \n\n#Weekly #ThreatIntel #Infosec", "creation_timestamp": "2026-05-04T21:50:34.957948Z"}, {"uuid": "c68645b4-a6d7-478a-b243-4393c954af81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "published-proof-of-concept", "source": "Telegram/yfj8_Wf1r81ZM9XH5mmBYiYd4G1zdIl6xbgawa_XXGScCdQ", "content": "", "creation_timestamp": "2026-05-05T21:00:04.000000Z"}, {"uuid": "e44aa050-ddb2-4362-88c4-b39824690a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml5nsllfhs2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 561 interactions\nCVE-2026-41940: 122 interactions\nCVE-2026-3854: 42 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-41940: 40 interactions\nCVE-2026-31431: 21 interactions\nCVE-2026-23918: 12 interactions\n", "creation_timestamp": "2026-05-06T02:30:08.542402Z"}, {"uuid": "a57a64f5-71b3-4113-9b07-f0238b45837b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3ml65zfqqr22c", "content": "\u300cgit push \u3067\u4ed6\u4eba\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u306b\u5165\u308c\u308b\u300d CVE-2026-3854\u2014\u2014GitHub.com \u306f 2 \u6642\u9593\u3067\u30d1\u30c3\u30c1\u6e08\u307f\u3002\ud83d\udd4a\ufe0f\n\nGHES\uff08GitHub Enterprise Server\uff09\u306e 88% \u306f\u307e\u3060\u958b\u3044\u3066\u308b\u3089\u3057\u3044\u3002\ud83d\udd4a\ufe0f\n\nhttps://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854\n\nGitHub.com \u304c\u76f4\u3063\u305f\u304b\u3089\u7d42\u308f\u308a\u3058\u3083\u306d\u3047\u3002\u26a0\ufe0f #GitHub #RCE", "creation_timestamp": "2026-05-06T07:20:15.818389Z"}]}