Defending Against Git Push Injection Attacks: A Comprehensive Response Guide

Overview

In early 2026, researchers discovered a critical remote code execution vulnerability in GitHub's git push pipeline. By sending a crafted push option, an attacker with push access to any repository could execute arbitrary commands on the server handling the push. GitHub's security team validated, fixed, and deployed a patch within two hours, with no evidence of exploitation. This tutorial translates that incident into a practical guide for organizations looking to secure their own git infrastructure against similar injection attacks. You'll learn how the attack works, how to set up detection and response procedures, and how to implement proper sanitization to prevent command injection through push options.

Prerequisites

Before diving in, ensure you have:

• Basic understanding of git push operations – familiarity with git push and the concept of push options (git push -o key=value).
• Access to a test environment – a local Git server (like Gitea or GitLab) or a sandboxed GitHub Enterprise Server instance where you can safely reproduce the vulnerability.
• Knowledge of your internal metadata formats – you should understand how your system passes push metadata between services (e.g., JSON, delimited strings).
• Bug bounty or vulnerability reporting process – a channel for external researchers to submit findings (optional but recommended).

Step-by-Step Instructions

Step 1: Understand the Attack Vector

The vulnerability exploits git push options, a feature that allows clients to attach key-value strings during a push. These options are intended for server-side hooks, but when unsanitized, they can inject special delimiters into internal metadata.

For example, an attacker might run:

git push -o "environment=production&hook=malicious.sh" origin main

If the server concatenates push options into a delimited string (e.g., using | as a separator), the attacker can include that delimiter to break out of the intended field. In the GitHub case, the delimiter allowed overriding the sandbox environment, leading to arbitrary command execution.

Step 2: Set Up Monitoring for Suspicious Push Options

To detect potential attacks, log all push option keys and values. Use a centralized logging system (e.g., ELK Stack) and set alerts for unusual patterns:

• Options containing delimiter characters (|, &, ;, etc.)
• Options that attempt to reference internal field names (e.g., environment, hook)
• Options with excessively long values

Example log entry for a normal push:

push_option: repository_type=public, sandbox=default

For a malicious push:

push_option: repository_type=public|environment=production|hook=evil.sh

Step 3: Reproduce the Vulnerability in a Safe Environment

Before fixing, confirm the attack works in your stack. Use a test Git server that mimics your production metadata handling. Create a minimal service that processes push metadata and logs commands executed. Then send a crafted push option that escapes the metadata format. For example, if your metadata uses newline separation, try:

git push -o "key=value
environment=production" origin main

Warning: Do not run this on production! Use a sandboxed environment.

Step 4: Implement Input Sanitization

The core fix is to sanitize user-supplied push option values before including them in internal metadata. Follow these rules:

• Reject or escape delimiter characters – strip or encode characters used to separate fields in your metadata format.
• Whitelist allowed characters – only permit alphanumeric characters, hyphens, underscores, and dots.
• Validate key-value pairs – ensure keys match expected patterns and values do not contain control characters.

Example sanitization function in Python:

def sanitize_push_option(value):
    # Remove any occurrence of the internal separator '|'
    return value.replace('|', '')

But be careful – simple replacement might be bypassed. Better to use a strict allowlist:

import re
ALLOWED = re.compile(r'^[a-zA-Z0-9._-]+$')
def sanitize_push_option(value):
    if not ALLOWED.match(value):
        raise ValueError("Invalid push option value")
    return value

Step 5: Deploy the Fix and Verify

After sanitization is implemented, roll out the update to all relevant services. For a GitHub Enterprise Server, this would be a patch release (like CVE-2026-3854 fixes). Validate by attempting the same injection – it should now fail. Also run regression tests on normal push operations.

Example test:

# Before fix: injection works
$ git push -o "malicious|environment=prod" origin main
[remote] Command executed: cat /etc/passwd

# After fix: injection blocked
$ git push -o "malicious|environment=prod" origin main
fatal: remote error: invalid push option value

Step 6: Forensic Investigation

If you suspect exploitation, follow these steps:

1. Identify which repositories were pushed to during the vulnerable period.
2. Examine logs for push options containing unusual characters.
3. Check for any changes to server hooks or environment variables.
4. Look for signs of lateral movement from the affected server.

GitHub's investigation concluded no exploitation had occurred, but you should always perform a thorough review.

Common Mistakes

• Assuming push options are safe – Many developers treat push options as simple metadata, but they can be weaponized if passed unsanitized to downstream services.
• Relying on blacklists instead of whitelists – Blocking known bad characters is weak; use whitelists for allowed patterns.
• Ignoring the metadata format – If you don't know exactly how push options are concatenated, you can't properly escape. Map out the entire data flow.
• Delaying the patch – As seen, GitHub fixed within two hours. Every hour of exposure increases risk. Automate your patch pipeline.
• Not communicating with security researchers – A good bug bounty program with clear response times builds trust and encourages responsible disclosure.

Summary

This guide walked through the anatomy of a critical remote code execution vulnerability in the git push pipeline, from detection to remediation. The key takeaways are: monitor push options for injection patterns, reproduce the attack in a sandbox, implement strict input sanitization using whitelists, and deploy fixes rapidly. By applying these practices, you can protect your Git infrastructure from similar injection attacks and respond effectively when vulnerabilities are reported.