Notes sur GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog tag:app.flus.fr,2026-04-29:links/1863791377503983343 Marien flus/2.4.0 (https://app.flus.fr/about) 2026-04-29T10:06:33+02:00 Notes par Marien tag:app.flus.fr,2026-04-29:notes/991f8e74151959d977afd9be6eb6a1e9 Marien 2026-04-29T10:06:33+02:00 2026-04-29T10:06:33+02:00

By exploiting an injection flaw in GitHub's internal protocol, any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git push command - using nothing but a standard git client.

]]> Notes par Marien tag:app.flus.fr,2026-04-29:notes/eaf30c94d4eb3422ae8672a9a039fae0 Marien 2026-04-29T10:07:39+02:00 2026-04-29T10:07:39+02:00

This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually. As these tools continue to mature, we expect them to play an increasingly important role in uncovering vulnerability classes that require deep cross-component analysis.

]]> Notes par Marien tag:app.flus.fr,2026-04-29:notes/0ab6f66f33c0c6ed0e113e8ca8be0524 Marien 2026-04-29T10:07:59+02:00 2026-04-29T10:07:59+02:00 #GitHub #sécurité

]]>