CVE-2026-32631: GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes

Overview

  • Severity: High (CVSS 7.4)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
  • Category: Information Disclosure
  • Exploit Status: Not Exploited
  • Exploitation Likelihood: Less Likely
  • Patch Tuesday: 2026-Apr
  • Released: 2026-04-14

Description

CVE-2026-32631 describes a vulnerability in which an attacker can obtain a user's NTLM hash by tricking them into cloning a malicious repository, or into checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see CVE-2026-32631 for more information.

Affected Products (4)

Developer Tools

  • Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
  • Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
  • Microsoft Visual Studio 2022 version 17.12
  • Microsoft Visual Studio 2022 version 17.14

Security Updates (4)

Revision History

  • 2026-04-14: Information published.