{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-32631","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-12T15:29:36.559Z","datePublished":"2026-04-15T17:26:44.154Z","dateUpdated":"2026-04-15T18:44:04.155Z"},"containers":{"cna":{"title":"Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers","problemTypes":[{"descriptions":[{"cweId":"CWE-200","lang":"en","description":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx","tags":["x_refsource_CONFIRM"],"url":"https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx"},{"name":"https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3","tags":["x_refsource_MISC"],"url":"https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3"},{"name":"https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM","tags":["x_refsource_MISC"],"url":"https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM"},{"name":"https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e","tags":["x_refsource_MISC"],"url":"https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e"},{"name":"https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848","tags":["x_refsource_MISC"],"url":"https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848"}],"affected":[{"vendor":"git-for-windows","product":"git","versions":[{"version":"< 2.53.0.windows.3","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-15T17:26:44.154Z"},"descriptions":[{"lang":"en","value":"Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3."}],"source":{"advisory":"GHSA-9j5h-h4m7-85hx","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-15T18:43:55.597018Z","id":"CVE-2026-32631","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-15T18:44:04.155Z"}}]}}