GitHub: CVE-2026-32631 ‘git clone’ from manipulated repositories can leak NTLM...

Description

CVE-2026-32631 is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.

Please see CVE-2026-32631 for more information.

Visit Original Source

Basic Information

ID MS:CVE-2026-32631

Published Apr 14, 2026 at 14:00

{
    "lastseen": "2026-04-14T21:15:48",
    "description": "CVE-2026-32631 is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.\n\nPlease see CVE-2026-32631 for more information.\n",
    "published": "2026-04-14T14:00:00",
    "modified": "2026-04-14T14:00:00",
    "type": "mscve",
    "title": "GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes",
    "source": "",
    "references": "",
    "id": "MS:CVE-2026-32631",
    "bulletinFamily": "microsoft",
    "cwe": null,
    "cvelist": [
        "CVE-2026-32631"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32631",
    "category_name": "News",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GitHub: CVE-2026-32631 ‘git clone’ from manipulated repositories can leak NTLM hashes_MS:CVE-2026-32631

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply