GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash
Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award
Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub's git infrastructure that handed remote attackers full read/write access to private GitHub repositories using a single command.
In disclosing the bug this week, the Google-owned security shop also said its findings could represent a turning point in the way vulnerabilities are discovered in closed-source software.
Wiz published its findings on CVE-2026-3854 (CVSS 8.8) on Tuesday.
The company's researchers have poked at GitHub for two years, but throughout that time reverse-engineering it was seen as too great a task given the scale of its internal binaries.
They used Claude Code to take a lot of the legwork out of the process, and were able to go from idea to working exploit in less than 48 hours.
"By leveraging AI-augmented tooling, particularly automated reverse engineering using IDA MCP, we were able to do what was previously too costly," Wiz blogged. "Using AI, we rapidly analyzed GitHub's compiled binaries, reconstructed internal protocols, and systematically identified where user input could influence server behavior across the entire pipeline.
"Thanks to this new capability, we found a fundamental flaw in how that input flows through GitHub's multi-service architecture."
Wiz said that before AI, findings of this kind would have taken months of manual analysis by highly experienced researchers. The same work can now be done far more quickly and cheaply with general-purpose AI tools, a boon to defenders and attackers alike.
The bug explained
Wiz's write-up has the full technical rundown, but in short the vulnerability came down to GitHub's internal services trusting user input when they process push requests.
Push options are an intentional feature of the Git protocol: "git push -o <string>" sends arbitrary strings to the server, conventionally written as key=value pairs, which the server hands to its pre-receive and post-receive hooks. GitHub packages these options into internal X-Stat HTTP headers that are passed between its services.
The pipeline trusted those user-supplied option values and folded them straight into the internal metadata of the push request, without checking what they contained.
Crucially, the fields in that metadata are separated by a delimiter character, a null byte, and nothing prevented a push option from containing that same byte. By embedding the delimiter in a push option, an attacker could append their own fields, which downstream services then parsed as trusted internal values rather than as user input.
Wiz originally tested the vulnerability on GitHub Enterprise Server (GHES), and found that one additional injection into an X-Stat field made the same exploit chain work on GitHub.com as well.
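To make the bug class concrete, here is an added Python model, not code from GitHub, Wiz or the article, of a front end that packs push options into a NUL-delimited internal header and a downstream service that splits it back into fields, alongside two fixes. The field names (repo, pusher, perm, opt), the key=value layout, the last-wins parsing rule and the sample repository and user names are all assumptions chosen for illustration; GitHub's real X-Stat format is not public and is not reproduced here, and how an attacker gets a NUL byte into the option in practice is not shown.

```python
# Added illustration, not code from GitHub, Wiz or the article. It models the
# bug class the article describes: a front end joins client-supplied push
# options into a delimiter-separated internal header, and a downstream
# service splits that header back into fields. Field names, layout and
# parsing rules are assumptions; the real X-Stat format is not public.

DELIM = "\x00"  # NUL, the delimiter the article says separated the metadata
TRUSTED_KEYS = ("repo", "pusher", "perm")  # assumed fields the front end sets


def build_metadata_vulnerable(repo, pusher, perm, push_options):
    """Front-end side: join trusted fields and raw push options with DELIM.
    Nothing checks whether an option itself contains DELIM, so the consumer
    cannot tell the front end's delimiters from the attacker's."""
    fields = ["repo=" + repo, "pusher=" + pusher, "perm=" + perm]
    fields += ["opt=" + opt for opt in push_options]
    return DELIM.join(fields)


def parse_metadata_vulnerable(raw):
    """Consumer side: split on DELIM and fold into a dict. The last value for
    a key wins, so a smuggled 'perm=write' overrides the real 'perm=read'."""
    meta = {}
    for field in raw.split(DELIM):
        key, _, value = field.partition("=")
        meta[key] = value
    return meta


def authorize(meta):
    """Backend check that trusts perm= because it 'came from' the front end."""
    return meta.get("perm") == "write"


def exploit_result():
    """Constructed scenario: mallory has read-only access to acme/private and
    sends one push option carrying DELIM followed by forged trusted fields.
    The option is assumed to reach the front end byte-for-byte."""
    forged = "ci=skip" + DELIM + "repo=acme/other-private" + DELIM + "perm=write"
    raw = build_metadata_vulnerable("acme/private", "mallory", "read", [forged])
    return parse_metadata_vulnerable(raw)


def build_metadata_hardened(repo, pusher, perm, push_options):
    """Fix at the trust boundary: refuse any client value containing DELIM or
    another control byte before it is ever serialized."""
    for opt in push_options:
        if any(ord(c) < 0x20 or c == "\x7f" for c in opt):
            raise ValueError("push option contains a control byte")
    return build_metadata_vulnerable(repo, pusher, perm, push_options)


def parse_metadata_strict(raw):
    """Defence in depth in the consumer: a repeated trusted key is an error,
    not an override, and unknown keys are rejected rather than stored."""
    meta = {"opts": []}
    for field in raw.split(DELIM):
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError("malformed field: " + repr(field))
        if key == "opt":
            meta["opts"].append(value)
        elif key in TRUSTED_KEYS:
            if key in meta:
                raise ValueError("duplicate trusted field: " + key)
            meta[key] = value
        else:
            raise ValueError("unexpected field: " + key)
    for key in TRUSTED_KEYS:
        if key not in meta:
            raise ValueError("missing trusted field: " + key)
    return meta


def hardened_rejects(push_option):
    """True if the ingress fix refuses this option."""
    try:
        build_metadata_hardened("acme/private", "mallory", "read", [push_option])
    except ValueError:
        return True
    return False


def strict_parser_rejects(raw):
    """True if the consumer-side fix refuses this header value."""
    try:
        parse_metadata_strict(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    meta = exploit_result()
    print("vulnerable parse:", meta, "authorized:", authorize(meta))
    print("ingress fix rejects forged option:",
          hardened_rejects("ci=skip" + DELIM + "perm=write"))
```

The two fixes are deliberately independent: build_metadata_hardened refuses the delimiter at the trust boundary, and parse_metadata_strict treats a repeated trusted key as an error rather than an override, so either one alone defeats the forged option. That is the sort of layered check the article says GitHub added alongside the direct fix.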
GitHub's response
As Wiz noted, GitHub issued fixes within six hours of the disclosure and added hardening measures intended to limit the impact of any similar vulnerability in the future.
GitHub also said it had found no evidence that the flaw had been exploited on GitHub.com, but advised GHES customers to check their access logs for signs of abuse.
Alexis Wales, GitHub's CISO, thanked Wiz for the discovery and said it is rewarding the team with one of the biggest-ever payouts in the history of GitHub's bug bounty program.
"GitHub greatly appreciates the collaboration, professionalism, and partnership that Wiz has shown throughout this process," she said.
"A finding of this caliber and severity is rare, earning one of the highest rewards available in our bug bounty program, and serves as a reminder that the most impactful security research comes from skilled researchers who know how to ask the right questions.
"As the landscape evolves, these close partnerships with talented hunters and researchers are more important than ever."
Even though CVE-2026-3854 carries a CVSS score of 8.8 from the National Institute of Standards and Technology (NIST), a "high" rating one rung below the top "critical" band, both Wiz and GitHub view it as more impactful than the number suggests.
Beyond saying it had given Wiz "one of the highest rewards available in our bug bounty program," the Microsoft-owned code shop did not name a figure. Per the rewards guide for GitHub's bug bounty, critical vulnerabilities typically earn researchers between $20,000 and $30,000, although the company is known to pay more for especially impactful flaws.
For example, the most lucrative bug to date was reported in 2023, and GitHub awarded $75,000 for the since-patched flaw, which had allowed access to the environment variables of a production container. ®