BREAKING
8h agoAmazon Earnings, Trainium and Commodity Markets, Additional Amazon Notes///8h agoWomen sue the men who used their Instagram feed to create AI porn influencers///8h agoFast16 Malware///8h agoAmazon Earnings, Trainium and Commodity Markets, Additional Amazon Notes///8h agoWomen sue the men who used their Instagram feed to create AI porn influencers///8h agoFast16 Malware///
BACK TO GLOSSARY
STDStandardsResearch

CVE-2026-3854

2 mentions across all digests

Critical remote code execution vulnerability in GitHub's git infrastructure caused by unsanitized semicolon injection in the X-Stat protocol header

/// Stats
First Seen2026-04-30
Last Seen2026-05-01
Total Mentions2
Subject Mentions2
Last 7 Days2
Sources2
Peak Relevance5/5
Active Predictions0
/// Recent Stories
2026-04-30HIGH

GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash

Wiz researchers used Claude Code to discover CVE-2026-3854 (CVSS 8.8), a critical GitHub vulnerability enabling full private repo access, in 48 hours—slashing traditional analysis timelines from months and demonstrating AI's transformative impact on security research.

2026-04-28HIGH

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Wiz Research discovered CVE-2026-3854, a critical RCE vulnerability in GitHub's internal git infrastructure via X-Stat header injection, allowing authenticated users to execute arbitrary commands. On GitHub.com, the f...

/// Connected Entities
ORGGitHub
2 shared