The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub’s engineering team developed a fix and deployed it just over an hour after identifying the root cause, protecting both ...

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...
Morning Overview on MSN

GitHub patches critical remote code execution flaw in private repositories

GitHub has patched a high-severity remote code execution vulnerability that allowed anyone with push access to a private ...

AI 圈地震:MCP 设计缺陷影响超 20 万台服务器,波及 Cursor、Claude Code ...

IT之家4 月 16 日消息,网络安全公司 OX Security 昨日(4 月 15 日)发布报告,披露 Anthropic 的 MCP(模型上下文协议)存在设计缺陷,可导致远程代码执行。 该设计缺陷影响范围极广,导致超过 20 万台 AI 服务器面临远程代码执行风险。 IT之家注:MCP 全称为 Model Context Protocol,是 Anthropic 公司于 2024 年 11 ...
SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
Dark Reading

AI Finds 38 Security Flaws in Electronic Health Record Platform

Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code ...

GitHub patches critical 'git push' remote code execution bug

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...