CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes

Post Reply
User avatar
admin Verified Great Britain
Site Admin
Posts: 25972
Joined: Wed Jun 11, 2025 9:20 pm

Awards

CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes

Post by admin Verified »

[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see [CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) for more information.

Source: https://msrc.microsoft.com/update-guide ... 2026-32631
Top
Post Reply

Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest