DevOps Pulse

GitHub disclosed CVE-2026-3854, a critical RCE vulnerability allowing authenticated users to execute code via git push commands on millions of repositories. Azure DevOps suffered a CVSS 10.0 vulnerability (CVE-2026-42826) enabling unauthenticated information disclosure. GitProtect launched first-in-market GitHub Enterprise Cloud Data Residency support, directly targeting Veeam's regulated industry customers. DevOps ransomware attacks doubled in 2025 with a 95% increase in downtime, while AI coding agents produced vulnerable code in 87% of pull requests.

Signals: 32 · Sections: 5/5 · Threats: 8 · Fresh: 15 · Updated: 46d ago

DevOps Platform Updates

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Critical GitHub CVE-2026-3854 RCE Vulnerability Disclosed

GitHub disclosed a critical remote code execution vulnerability that allowed authenticated users to gain code execution via crafted git push commands. The flaw affected GitHub.com and GitHub Enterprise Server, potentially enabling access to millions of repositories on shared infrastructure. GitHub patched the vulnerability immediately with no evidence of exploitation.

github · The Hacker News · 1 May

GitHub Copilot Security Feature Bypass CVE-2026-41109 Patched

Microsoft disclosed CVE-2026-41109, a security feature bypass in GitHub Copilot and VS Code that allowed local attackers to circumvent AI content filters and consent mechanisms. This represents a new category of AI-related vulnerabilities in the development workflow.

github · Windows News · 12 May

Azure DevOps Critical Vulnerabilities in May 2026 Patch Tuesday

Microsoft's May 2026 Patch Tuesday addressed 137 vulnerabilities including CVE-2026-42826 (CVSS 10.0) affecting Azure DevOps, allowing unauthenticated information disclosure. Additional critical flaws were patched in Azure Cloud Shell, AI Foundry, and Managed Cassandra services.

azure-devops · CrowdStrike · 13 May

GitLab Restructures for 'Agentic AI Era' with Workforce Changes

GitLab announced a restructuring and reduction in force on May 11 to realign operations for the emerging 'agentic' AI era. The plan includes geographic consolidation, flattening management layers, and reorganizing R&D into 60 autonomous teams with AI agent automation of internal processes.

gitlab · TipRanks · 11 May

Atlassian Security Vulnerabilities Disclosed March 2026

Atlassian disclosed multiple high-severity vulnerabilities in March 2026 affecting Jira and Confluence Data Center and Server products. CVE-2025-64756 allows OS command injection in Confluence, while Jira vulnerabilities enable path traversal, file overwrite, and denial of service attacks.

confluence · UC Berkeley Information Security · 18 Mar

Cross-org Dependabot Access for GitHub Enterprise

GitHub released cross-organization Dependabot access for internal repositories in GitHub Enterprise, allowing dependency updates across organizational boundaries within the same enterprise. This addresses a key limitation for enterprises with multi-org repository structures.

github · Releasebot · 11 May