We achieved Remote Code Execution on GitHub - and got access to millions of repositories belonging to other users and organizations 🤯

All it took was a single `git push`

Here's how we did it (CVE-2026-3854) 🧵⬇️