TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security Reverse Engineering With AI Unearths High-Severity GitHub Bug Reverse Engineering With AI Unearths High-Severity GitHub Bug by Alexander Culafi Apr 29, 2026 3 Min Read Application Security Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain by Elizabeth Montalbano Apr 28, 2026 5 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Application Security Сloud Security Vulnerabilities & Threats Cyber Risk News Reverse Engineering With AI Unearths High-Severity GitHub Bug Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake. Alexander Culafi , Senior News Writer , Dark Reading April 29, 2026 3 Min Read Source: Klaus Ohlenschlaeger via Alamy Stock Photo GitHub yesterday disclosed CVE-2026-3854, a high severity (8.7 CVSS) vulnerability identified in GitHub Enterprise Server that would grant an attacker with push access to a repository to achieve remote code execution. GitHub said in a blog post that the vulnerability also affected github.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise Managed Users. Cloud security firm Wiz reported the vulnerability March 4 through GitHub's bug bounty program. GitHub said that, in less than two hours, it validated the finding, pushed a fix to github.com, and, after an investigation, concluded no exploitation had taken place. While a remote code execution bug generally is worth calling attention to, the circumstances here are particularly noteworthy, as Wiz explained in its blog post . It's "one of the first critical vulnerabilities discovered in closed-source binaries using AI, highlighting a shift in how these flaws are identified." Related: Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain How CVE-2026-3854 Works As GitHub's Alexis Wales put it in the company's disclosure blog, user-pushed code in GitHub passes multiple internal services. Metadata, such as repository type and the environment it should be pushed in, is passed between services via an internal protocol. "The vulnerability leveraged how user-supplied git push options were handled within this metadata. Push options are an intentional feature of git that allow clients to send key-value strings to the server during a push," she wrote. "However, the values provided by the user were incorporated into the internal metadata without sufficient sanitization. Because the internal metadata format used a delimiter character that could also appear in user input, an attacker could inject additional fields that the downstream service would interpret as trusted internal values." Wiz demonstrated that an attacker could chain several of these values together to bypass various protections and internal limitations to execute remote code. GitHub and Wiz both advise GitHub Enterprise Server customers to upgrade to a fixed version (3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3); contrary to other affected products, Enterprise Server requires an authenticated user with push access to patch. GitHub Enterprise Cloud, GitHub Enterprise Cloud with Enterprise Managed Users, GitHub Enterprise Cloud with Data Residency, and github.com have been patched, and no user intervention is required. In Wiz's blog post, security researcher Sagi Tzadik urged impacted users to upgrade, noting 88% of instances remained vulnerable at the time of publication. Related: Vercel Employee's AI Tool Access Led to Data Breach AI Reverse-Engineered Vulnerability Discovery Tzadik wrote that Wiz had previously hunted for vulnerabilities on GitHub Enterprise Server, but "extracting and auditing the sheer volume of compiled blackbox binaries that run this pipeline historically required an impractical amount of time and manual effort." Enter IDA MCP, an AI-powered assistant used for vibe reverse-engineering code . It allowed Wiz to do what was previously "too costly," the blog explained, such as rapidly analyzing GitHub's compiled binaries, reconstructing internal protocols, and systematically identifying where user input could influence server behavior. In an email, Tzadik tells Dark Reading that Wiz has been "chasing this target since September 2024," but couldn't justify the resources required to do the reverse-engineering work. "It likely would have taken weeks, maybe months, of dedicated time and focus. With the help of AI tools, it took less than 48 hours to go from idea to a working exploit," he says. The closed source element of GitHub is also important, the researcher says, because closed source software historically has been home to the biggest security risks and the most obscurity. "As the latest AI models have improved, it's become much easier, faster, and cheaper to do things like reverse-engineer closed-source binaries, or produce a working exploit from a CVE identifier and a git commit hash as input," Tzadik explains. "Scale is also a factor — while researchers used to work on a limited set of projects at a given time, these days it is possible to run automated pipelines on multiple targets at once." Related: North Korea Uses ClickFix to Target macOS Users' Data About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. See more from Alexander Culafi Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports The Total Economic Impact™ Of Google SecOps AI-driven SecOps: Transforming Financial Services Security The Agentic SOC: Exploring the Practitioner Mindset as AI Permeates SecOps The Total Economic Impact™ Of Google SecOps The Business Value of Google Threat Intelligence Access More Research Webinars How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Zero Trust Architecture for Cloud environments: Implementation Roadmap Tips for Managing Cloud Security in a Hybrid Environment? More Webinars Editor's Choice Сloud Security Navigating the Unique Security Risks of Asia's Digital Supply Chain Navigating the Unique Security Risks of Asia's Digital Supply Chain by Alexander Culafi Apr 15, 2026 3 Min Read Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks Threat Intelligence Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats Jan 2, 2026 Cyber Risk Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult Jan 12, 2026 | 7 Min Read Endpoint Security CISOs Face a Tighter Insurance Market in 2026 Jan 5, 2026 | 7 Min Read Threat Intelligence 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child Jan 30, 2026 | 8 Min Read Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. Subscribe Webinars How Well Can You See What's in Your Cloud? Thurs, June 4, 2026 at 1:00pm EST Implementing CTEM: Beyond Vulnerability Management Thurs, May 21, 2026 at 1pm EST Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Mon, May 11, 2026 at 1:00pm ET Zero Trust Architecture for Cloud environments: Implementation Roadmap Tues, May 12, 2026 at 1pm EST Tips for Managing Cloud Security in a Hybrid Environment? Thurs, May 7, 2026 at 1pm EST More Webinars White Papers 7 best practices for secrets lifecycle management Reinventing the SOC with agentic AI Enhancing SecOps with Google Threat Intelligence Enhancing SecOps with Google Threat Intelligence Enhancing SecOps with Google Threat Intelligence Explore More White Papers Black Hat Asia | Marina Bay Sands, Singapore Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS Discover More Black Hat Omdia Working With Us A