‼️🚨 BREAKING: Wiz got access to millions of GitHub repositories across users and organizations using one git push.
CVE-2026-3854: git push -o options injected into an internal header split by semicolons, parsed last-write-wins.
GitHub patched production in 6 hours.