{"id":237417,"date":"2026-04-29T07:49:00","date_gmt":"2026-04-29T11:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/29\/critical-github-rce-bug-exposed-millions-of-repositories\/"},"modified":"2026-04-30T09:25:26","modified_gmt":"2026-04-30T13:25:26","slug":"critical-github-rce-bug-exposed-millions-of-repositories","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/29\/critical-github-rce-bug-exposed-millions-of-repositories\/","title":{"rendered":"Critical GitHub RCE bug exposed millions of repositories"},"content":{"rendered":"<p><a href=\"https:\/\/www.csoonline.com\/article\/4164925\/critical-github-rce-bug-exposed-millions-of-repositories.html\">Critical GitHub RCE bug exposed millions of repositories<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4164925\/critical-github-rce-bug-exposed-millions-of-repositories.html\">https:\/\/www.csoonline.com\/article\/4164925\/critical-github-rce-bug-exposed-millions-of-repositories.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-29 07:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.csoonline.com\">www.csoonline.com<\/a><\/p>\n<p>\u201cOn GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible on the affected nodes,\u201d Tzadik said, adding that the impact was even more severe for self-hosted environments. On GitHub Enterprise Server, the vulnerability granted full server compromise, including access to all hosted repositories and internal secrets.<\/p>\n<p>Wiz confirmed that it did not access the contents of other tenants\u2019 repositories while testing the exploit. \u201c We validated the cross-tenant exposure using only our own test accounts, confirming that the git user\u2019s filesystem permissions would allow reading any repository on the node,\u201d Tzadik added.<\/p>\n<p>GitHub shared remediation steps and full technical details in a security blog post, adding that \u201cGitHub Enterprise Cloud, GitHub Enterprise Cloud with Enterprise Managed Users, GitHub Enterprise Cloud with Data Residency, and github.com were patched on March 4, 2026. No action is required from users of any of these.\u201d<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4164925\/critical-github-rce-bug-exposed-millions-of-repositories.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical GitHub RCE bug exposed millions of repositories https:\/\/www.csoonline.com\/article\/4164925\/critical-github-rce-bug-exposed-millions-of-repositories.html Publish Date: 2026-04-29 07:49:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237418,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.csoonline.com\/wp-content\/uploads\/2026\/04\/4164925-0-24444700-1777463346-shutterstock_177668495.jpg?quality=50&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-237417","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237417"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237417"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237417\/revisions"}],"predecessor-version":[{"id":237419,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237417\/revisions\/237419"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237418"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}