CVE-2026-32631 (CVSS 7.4 HIGH) is a vulnerability where cloning a malicious Git repository or checking out a malicious branch can trigger automatic NTLM authentication, leaking the user's NTLM hash to an attacker-controlled server without user interaction. The vulnerability is addressed by updates to Git incorporated into documented Visual Studio updates.
[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see [CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) for more information.