Git for Windows NTLM Hash Disclosure Vulnerability

Vulnerability

A vulnerability in Git for Windows prior to version 2.53.0(2) allows for the extraction of a user's NTLM hash. This is achieved by convincing the user to clone a repository from a malicious server. The weakness in NTLM hashing could enable an attacker to brute-force the user's account name and password.

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of user credentials by allowing an attacker to capture and brute-force the NTLMv2 hash obtained during the cloning process.

Reproduction

To reproduce this vulnerability, an attacker must control a server that the target user clones a repository from. When the user initiates the clone, the server can capture the NTLM hash of the user.

Remediation

Users can upgrade to Git for Windows version 2.53.0(2) or later, where this vulnerability has been addressed.
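To act on the remediation across a fleet, the check below classifies collected version strings against the fixed release. It is an added example, not part of the advisory or of Git for Windows; it assumes `git --version` reports 2.53.0(2) as `2.53.0.windows.2`, and the host names and inventory are constructed sample data.

```python
import re

# First fixed release named in this advisory: Git for Windows 2.53.0(2).
# Assumption: `git --version` reports that build as "2.53.0.windows.2".
FIXED = (2, 53, 0, 2)

_VERSION = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"             # upstream Git version
    r"([.-]rc\d+)?"                    # optional release-candidate tag (assumed spelling)
    r"(?:\.windows\.(\d+)|\((\d+)\))"  # Windows build: ".windows.N" or "(N)"
)

def classify(version_text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one version string."""
    m = _VERSION.search(version_text)
    if m is None:
        # No Windows build number: upstream Git on another platform, or an
        # inventory field that dropped the build. Needs manual review.
        return "unknown"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    build = int(m.group(5) or m.group(6))
    if m.group(4):
        # A release candidate precedes every final build of that version.
        build = 0
    return "fixed" if (major, minor, patch, build) >= FIXED else "vulnerable"

def hosts_to_upgrade(inventory):
    """Return the sorted host names whose Git for Windows predates the fix."""
    return sorted(h for h, v in inventory.items() if classify(v) == "vulnerable")

# Constructed sample inventory (hypothetical hosts) mapping host -> version text.
SAMPLE_INVENTORY = {
    "ws-001": "git version 2.53.0.windows.2",
    "ws-002": "git version 2.53.0.windows.1",
    "ws-003": "git version 2.47.1.windows.2",
    "ws-004": "Git for Windows 2.53.0(2)",
    "ws-005": "git version 2.53.0-rc1.windows.1",
    "build-01": "git version 2.43.0",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to Git for Windows 2.53.0(2) or later")
```

Hosts classified `unknown` are not cleared by this check; confirm what is installed on them separately.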

Added: Mar 10, 2026, 9:37 PM
Updated: Mar 10, 2026, 9:37 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.