DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Critical GitHub CVE-2026-3854 RCE Vulnerability Disclosed
GitHub disclosed a critical remote code execution vulnerability that allowed authenticated users to gain code execution via crafted git push commands. The flaw affected GitHub.com and GitHub Enterprise Server, potentially enabling access to millions of repositories on shared infrastructure. GitHub patched the vulnerability immediately with no evidence of exploitation.
GitHub Copilot Security Feature Bypass CVE-2026-41109 Patched
Microsoft disclosed CVE-2026-41109, a security feature bypass in GitHub Copilot and VS Code that allowed local attackers to circumvent AI content filters and consent mechanisms. This represents a new category of AI-related vulnerabilities in the development workflow.
Azure DevOps Critical Vulnerabilities in May 2026 Patch Tuesday
Microsoft's May 2026 Patch Tuesday addressed 137 vulnerabilities including CVE-2026-42826 (CVSS 10.0) affecting Azure DevOps, allowing unauthenticated information disclosure. Additional critical flaws were patched in Azure Cloud Shell, AI Foundry, and Managed Cassandra services.
GitLab Restructures for 'Agentic AI Era' with Workforce Changes
GitLab announced a restructuring and reduction in force on May 11 to realign operations for the emerging 'agentic' AI era. The plan includes geographic consolidation, flattening management layers, and reorganizing R&D into 60 autonomous teams with AI agent automation of internal processes.
Atlassian Security Vulnerabilities Disclosed March 2026
Atlassian disclosed multiple high-severity vulnerabilities in March 2026 affecting Jira and Confluence Data Center and Server products. CVE-2025-64756 allows OS command injection in Confluence, while the Jira vulnerabilities enable path traversal, file overwrite, and denial-of-service attacks.
Cross-org Dependabot Access for GitHub Enterprise
GitHub released cross-organization Dependabot access for internal repositories in GitHub Enterprise, allowing dependency updates across organizational boundaries within the same enterprise. This addresses a key limitation for enterprises with multi-org repository structures.