7.4

CVE-2026-32631

EPSS 0.08%
Veröffentlicht 15.04.2026 17:26:44
Zuletzt bearbeitet 17.04.2026 15:38:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellergit-for-windows

≫

Produkt git

Version < 2.53.0.windows.3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.232

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.4	2.8	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx

https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3

https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM

https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e

https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848

https://nvd.nist.gov/vuln/detail/CVE-2026-32631

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32631

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32631

EUVD