CVE-2026-32631

Name of the Vulnerable Software and Affected Versions Git for Windows versions prior to 2.53.0.windows.3

Description Git for Windows lacks protections that prevent attackers from obtaining a user's NTLM hash. An attacker can obtain the NTLMv2 hash by tricking users into cloning a malicious repository or checking out a malicious branch that accesses a server controlled by the attacker. Because NTLM authentication does not require user interaction by default, the hash can be leaked automatically. Credentials can then be extracted by brute-forcing the NTLMv2 hash.

Recommendations Update to version 2.53.0.windows.3.