The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.
Tom's Hardware on MSN

Anthropic's model context protocol includes a critical remote code execution vulnerability

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.
Windows Report

GitHub Patches Severe RCE Flaw Impacting Enterprise Server Deployments

GitHub patched critical RCE flaw CVE-2026-3854 in hours, preventing potential repo takeover and enterprise server compromise.
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...
CSO Online

Max-severity RCE flaw found in Google Gemini CLI

Security researchers warn that a vulnerability in the widely used Gemini CLI could allow remote code execution in CI/CD ...
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...

GitHub patches critical 'git push' remote code execution bug

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...
Cybernews

One git push from disaster: this fundamental GitHub flaw could’ve compromised the world’s code

A critical remote code execution flaw in GitHub allowed users to gain access to millions of repositories and compromise ...