CuraSec

Plan active

GitHub RCE CVE-2026-3854 — Public PoC Now Available

2026-07-12 11:56 UTC · HN (cve) · read the source ↗ #rce#github#vulnerability
  • Engineer — Plan: A public PoC exists for this GitHub RCE, raising urgency even though EPSS is 0.24 and KEV is not listed. If running GitHub Enterprise Server, apply available patches now and review CI/CD pipeline logs for anomalous workflow executions.
  • SOC/IR — Plan: Public PoC availability makes pre-emptive detection work worthwhile before confirmed active exploitation. Build or tune rules around anomalous GitHub API calls, unexpected workflow triggers, and unusual code execution patterns in CI/CD infrastructure.
  • Leader — Plan: GitHub is core infrastructure for most engineering orgs; confirm whether your deployment is GitHub.com or self-hosted Enterprise Server, and request GitHub’s remediation status — a public PoC with no KEV listing still warrants a near-term vendor risk check.
  • Signals: CVE-2026-3854 — CISA KEV: not listed, EPSS 0.24, public PoC on GitHub
This entry was curated and judged by AI (Claude) with automated enrichment (CISA KEV / EPSS / public PoC). Verify against the original source before acting. Found a bad verdict? Report it — confirmed errors go to the corrections log.