wiz.io Apr 28, 2026 CVE-2026-3854: Critical RCE in GitHub Git Infrastructure Analysis Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise. POChttps://••••••••••.com/exploit PATCHhttps://••••••••••.com/patch ADVISORYhttps://••••••••••.com/advisory Full article requires sign-in Access weekly reports, audio discussions, threat analysis, and CVE breakdowns. Sign in - Free Related CVEs CVE-2026-3854 Related Vulnerability Groups GitHub Enterprise Server Authorization Flaws HIGH 2 CVEs Other CVEs in Same Group CVE-2026-3306 MEDIUM 4.3 GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.