CVE-2026-32631: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in git-for-windows git
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.
AI Analysis
Technical Summary
CVE-2026-32631 is a vulnerability in Git for Windows before version 2.53.0.windows.3 where an attacker can obtain a user's NTLM hash by luring the user to clone or checkout a malicious repository or branch that communicates with an attacker-controlled server. NTLM authentication proceeds without user interaction by default, enabling this exposure. The attacker can then attempt to brute-force the NTLMv2 hash to recover credentials. This issue is classified under CWE-200 (Exposure of Sensitive Information). The vulnerability has been addressed in Git for Windows version 2.53.0.windows.3.
Potential Impact
An attacker who successfully exploits this vulnerability can obtain the NTLM hash of a user without their explicit consent. Although brute-forcing the NTLMv2 hash is computationally expensive, it is feasible, potentially leading to credential compromise. This can result in unauthorized access to systems or services where these credentials are valid. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Upgrade Git for Windows to version 2.53.0.windows.3 or later, where this vulnerability has been fixed. Until the upgrade is applied, users should avoid cloning or checking out repositories or branches from untrusted sources that might trigger NTLM authentication. Patch status is not explicitly stated as 'official-fix' in the vendor advisory, but the description confirms the issue is fixed in version 2.53.0.windows.3.
CVE-2026-32631: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in git-for-windows git
Description
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-32631 is a vulnerability in Git for Windows before version 2.53.0.windows.3 where an attacker can obtain a user's NTLM hash by luring the user to clone or checkout a malicious repository or branch that communicates with an attacker-controlled server. NTLM authentication proceeds without user interaction by default, enabling this exposure. The attacker can then attempt to brute-force the NTLMv2 hash to recover credentials. This issue is classified under CWE-200 (Exposure of Sensitive Information). The vulnerability has been addressed in Git for Windows version 2.53.0.windows.3.
Potential Impact
An attacker who successfully exploits this vulnerability can obtain the NTLM hash of a user without their explicit consent. Although brute-forcing the NTLMv2 hash is computationally expensive, it is feasible, potentially leading to credential compromise. This can result in unauthorized access to systems or services where these credentials are valid. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Upgrade Git for Windows to version 2.53.0.windows.3 or later, where this vulnerability has been fixed. Until the upgrade is applied, users should avoid cloning or checking out repositories or branches from untrusted sources that might trigger NTLM authentication. Patch status is not explicitly stated as 'official-fix' in the vendor advisory, but the description confirms the issue is fixed in version 2.53.0.windows.3.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-12T15:29:36.559Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dfcf1982d89c981f854123
Added to database: 4/15/2026, 5:47:05 PM
Last enriched: 4/15/2026, 6:01:57 PM
Last updated: 4/15/2026, 7:01:55 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.