What is CVE-2026-32631?

CVE-2026-32631 is a high-severity vulnerability in Git-for-windows Git, classified under Information Disclosure. CVSS score: 7.4/10. Published 2026-04-15.

How severe is CVE-2026-32631?

High severity. CVSS v3 base score is 7.4 out of 10.

Information disclosure in Git-for-windows Git

CVE-2026-32631

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repos…

Vulnerability class: Information Disclosure

EPSS: 0.001 (24.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Affected products

Git-for-windows Git — versions < 2.53.0.windows.3

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx (x_refsource_CONFIRM)
https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3 (x_refsource_MISC)
https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM (x_refsource_MISC)
https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e (x_refsource_MISC)
https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-32631?: CVE-2026-32631 is a high-severity vulnerability in Git-for-windows Git, classified under Information Disclosure. CVSS score: 7.4/10. Published 2026-04-15.
How severe is CVE-2026-32631?: High severity. CVSS v3 base score is 7.4 out of 10.