CVE-2026-32631
published 2026-04-15CVE-2026-32631: Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM…
PriorityP342high7.4CVSS 3.1
AVNACLPRNUIRSCCHINAN
EPSS
0.32%
23.3th percentile
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| git-for-windows | git | < 2.53.0.windows.3 | 2.53.0.windows.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Hackernews
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
blogs_hackernews·2026-04-15·CVSS 7.5
[HIGH] Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities.
Also inclu
Bleepingcomputer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
blogs_bleepingcomputer·2026-04-14·CVSS 6.5
[MEDIUM] Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Lawrence Abrams
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.
The number of bugs in each vulnerability category is listed below:
93 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
20 Remote Code Execution Vulnerabilities
21 Information Disclosure Vulnerabilities
10 Denial of Service Vulnerabilities
9 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the
Rapid7
Patch Tuesday - April 2026
blogs_rapid7·2026-04-14·CVSS 6.5
[MEDIUM] Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday . Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It mig
https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hxhttps://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLMhttps://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2ehttps://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848
2026-04-15
Published