Description
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.
Published: 2026-04-15
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: NTLM Hash Disclosure
Action: Immediate Patch
AI Analysis

Impact

Git for Windows releases earlier than 2.53.0.windows.3 let an attacker obtain a user's NTLM credential material by tricking the user into cloning a malicious repository, or checking out a malicious branch, that makes Git contact an attacker-controlled server. NTLM is one of the authentication methods Git's HTTP transport (libcurl) can negotiate, and on Windows it completes by default with the logged-on user's credentials and without any prompt, so the user sees nothing unusual during the clone. What the attacker's server captures is the NTLMv2 challenge-response (the "NTLM hash" of the advisory), which is derived from the user's password hash; brute forcing it offline is expensive but feasible, and a successful crack yields the password itself. The flaw is classed as an information disclosure (CWE-200).

Affected Systems

Git for Windows (listed here as vendor "Gitforwindows", product "git"). Every Git for Windows release prior to 2.53.0.windows.3 is affected; 2.53.0.windows.3 and later contain the fix. Note that the boundary is in the Windows build number, so 2.53.0.windows.1 and 2.53.0.windows.2 are still affected, and "git --version" output has to be compared on the full "major.minor.patch.windows.N" string rather than on the upstream Git version alone.
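A fleet-side check for that version boundary, as an added example (not code from the OpenCVE page or from the Git for Windows project): it parses raw "git --version" output and sorts hosts into affected, fixed, not Git for Windows, or unparsed. The hostnames and version strings in SAMPLE_INVENTORY are constructed, and the assumption is that some inventory tool has already collected one "git --version" line per host.

```python
"""Triage `git --version` output against the CVE-2026-32631 fix boundary.

Added example; not part of the OpenCVE page or the Git for Windows project.
Assumption: an inventory tool has collected one raw `git --version` line per
host. Hostnames and version strings below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Fix boundary stated in the advisory: 2.53.0.windows.3 and later are fixed.
FIXED_UPSTREAM: Tuple[int, ...] = (2, 53, 0)
FIXED_WINDOWS_BUILD = 3


@dataclass(frozen=True)
class GitVersion:
    upstream: Tuple[int, ...]        # e.g. (2, 53, 0); a 4th component is a re-release
    windows_build: Optional[int]     # None for builds that are not Git for Windows

    def key(self) -> Tuple[Tuple[int, ...], int]:
        # Tuple comparison orders upstream first, then the .windows.N build.
        return (self.upstream, self.windows_build or 0)


def parse_git_version(line: str) -> Optional[GitVersion]:
    """Parse one `git --version` line; return None if it is not recognised."""
    m = re.search(r"\bgit version (\S+)", line)
    if not m:
        return None
    parts = m.group(1).split(".")
    if "windows" in parts:
        i = parts.index("windows")
        upstream, build = parts[:i], parts[i + 1:]
        if not upstream or len(build) != 1:
            return None
        if not all(p.isdigit() for p in upstream + build):
            return None  # e.g. "2.53.0.rc2.windows.1": leave for manual review
        return GitVersion(tuple(int(p) for p in upstream), int(build[0]))
    if not all(p.isdigit() for p in parts):
        return None
    return GitVersion(tuple(int(p) for p in parts), None)


def classify(line: str) -> str:
    """Return 'affected', 'fixed', 'not_git_for_windows' or 'unparsed'."""
    v = parse_git_version(line)
    if v is None:
        return "unparsed"
    if v.windows_build is None:
        return "not_git_for_windows"   # out of scope for this CVE
    if v.key() < (FIXED_UPSTREAM, FIXED_WINDOWS_BUILD):
        return "affected"
    return "fixed"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts by classification, preserving inventory order."""
    buckets: Dict[str, List[str]] = {
        "affected": [], "fixed": [], "not_git_for_windows": [], "unparsed": []
    }
    for host, line in inventory.items():
        buckets[classify(line)].append(host)
    return buckets


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY: Dict[str, str] = {
    "ws-0101": "git version 2.47.1.windows.1",
    "ws-0102": "git version 2.53.0.windows.1",       # same upstream, pre-fix build
    "ws-0103": "git version 2.53.0.windows.3",       # the fixed release
    "ws-0104": "git version 2.54.0.windows.1",       # hypothetical later release
    "build-07": "git version 2.43.0",                # Linux build agent
    "ws-0105": "git version 2.53.0.rc2.windows.1",   # release candidate
    "ws-0106": "",                                   # git missing or command failed
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>20}: {', '.join(hosts) or '-'}")
```

Anything that lands in "unparsed" (release candidates, hosts where the command produced nothing) needs a manual look rather than being assumed safe, and the "not_git_for_windows" bucket is only out of scope for this particular CVE.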

Risk and Exploitability

The CVSS 3.1 base score is 7.4 (High) with vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N: reachable over the network, low complexity, no privileges needed, but it requires user interaction (the clone or checkout), and the changed scope reflects that the captured credential is usable against systems other than Git. EPSS is below 1% and the CVE is not in the CISA KEV catalog; the SSVC assessment on this page records Exploitation: none, Automatable: no, Technical Impact: partial. Any actor who can host a Git server and persuade a user to clone from it, or to check out a branch that references it, can trigger the leak with nothing more than an ordinary "git clone" or "git checkout". The consequence is offline recovery of the user's password and downstream compromise of every resource that password unlocks, including services unrelated to Git.

Generated by OpenCVE AI on April 15, 2026 at 22:16 UTC.

Remediation

The vendor fix is Git for Windows 2.53.0.windows.3 (see Description above). No vendor-supplied workaround for older versions is listed on this page.

OpenCVE Recommended Actions

  • Update Git for Windows to 2.53.0.windows.3 or later on every Windows host that has it, including build agents and developer VMs, and confirm with "git --version"; the fix is in the .windows.N build number, so 2.53.0.windows.1 is still affected
  • Restrict outgoing NTLM where the environment allows it: the Windows policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" can be set to audit and then deny NTLM to remote servers, with an exception list for servers that legitimately require it (audit first, since denying it breaks any on-premises Git or other service that still relies on NTLM); for Git remotes, prefer SSH or token-based HTTPS authentication so that no NTLM negotiation is needed
  • Until patched hosts are the norm, treat clones of untrusted repositories and checkouts of unreviewed branches as the trigger: tell users that a clone which silently completes against an unexpected server is exactly what the attack looks like, and that untrusted remotes should only be handled on patched hosts

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Gitforwindows; Gitforwindows git

Type: Vendors & Products
Values Removed: (none)
Values Added: Gitforwindows; Gitforwindows git

Wed, 15 Apr 2026 19:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 17:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.

Type: Title
Values Removed: (none)
Values Added: Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-200

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics (cvssV3_1)
Values Removed: (none)
Values Added: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-15T18:44:04.155Z

Reserved: 2026-03-12T15:29:36.559Z

Link: CVE-2026-32631

Vulnrichment

Updated: 2026-04-15T18:43:58.924Z

NVD

Status : Awaiting Analysis

Published: 2026-04-15T18:17:17.437

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-32631

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T22:30:16Z

Weaknesses