Changes since Git for Windows v2.53.0(2) (March 10th 2026)
This is a security fix release, addressing CVE-2026-32631.
- CVE-2026-32631, Git for Windows: When a user clones a repository containing symbolic links pointing to network drives, Git follows those symlinks during checkout, causing Windows to transparently perform NTLM authentication and disclose the user's NTLMv2 hash to an attacker-controlled server. Since NTLM hashing is weak, the captured hash can potentially be brute-forced to recover the user's credentials. This is addressed by preventing `git clone` from following symbolic links that point to network drives during checkout.
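
As an added example (not part of the release notes or of Git for Windows itself), the following audit lists the symlink entries in a commit's tree and flags those whose target is a UNC-style network path, without checking out any files. The function names and sample data are constructed for illustration. It assumes the repository was obtained with `git clone --no-checkout`, and it cannot recognise mapped drive letters from the target text alone.

```python
import re
import subprocess

SYMLINK_MODE = "120000"  # mode Git stores for a symbolic link in a tree object

def is_network_target(target):
    """True when a symlink target is a UNC-style path (two leading slashes + host)."""
    t = target.replace("\\", "/")
    if t.upper().startswith("//?/UNC/"):   # long-path spelling of a UNC path
        return True
    if t.startswith(("//?/", "//./")):     # local Win32 namespaces, not a remote host
        return False
    return re.match(r"//[^/]+", t) is not None

def parse_ls_tree(output):
    """Yield (object_id, path) for each symlink in `git ls-tree -r -z` output."""
    for record in output.split("\0"):
        if not record:
            continue
        meta, path = record.split("\t", 1)
        mode, _kind, oid = meta.split(" ")
        if mode == SYMLINK_MODE:
            yield oid, path

def flag_network_symlinks(entries, read_target):
    """Return (path, target) for entries whose blob content is a network path."""
    resolved = ((path, read_target(oid)) for oid, path in entries)
    return [(p, t) for p, t in resolved if is_network_target(t)]

def scan_repo(repo_dir, rev="HEAD"):
    """Inspect tree objects only; nothing is written to the working tree."""
    def git(*args):
        out = subprocess.run(["git", "-C", repo_dir, *args],
                             check=True, capture_output=True).stdout
        return out.decode("utf-8", "replace")
    return flag_network_symlinks(parse_ls_tree(git("ls-tree", "-r", "-z", rev)),
                                 lambda oid: git("cat-file", "blob", oid))

# Constructed sample data (not from a real repository)
SAMPLE_TREE = "\0".join([
    "100644 blob " + "1" * 40 + "\tREADME.md",
    "120000 blob " + "2" * 40 + "\tdocs/latest",
    "120000 blob " + "3" * 40 + "\tassets/shared",
]) + "\0"
SAMPLE_BLOBS = {"2" * 40: "../v2/docs",
                "3" * 40: r"\\fileserver.example\share\assets"}
```

Calling `scan_repo(path)` on such a clone returns the flagged `(path, target)` pairs; an empty list means no UNC-style symlink targets were found in that revision.
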
| Filename | SHA-256 |
|---|---|
| Git-2.53.0.3-64-bit.exe | bc88381e192bd5b17a131755d837828d8a570da1ead89cfcde0d45ae38133c0b |
| Git-2.53.0.3-arm64.exe | 9cc821d1c402f4a5fd397ab0757ed67b7d91d3401ea171131acd745334056a9b |
| PortableGit-2.53.0.3-64-bit.7z.exe | b365da794b1d2225eb24d5f5e09ef7792cfd5fa26c3a3586210280c80dff3a2a |
| PortableGit-2.53.0.3-arm64.7z.exe | 0db54010054c01f35501cf69e1e32d3710138ecb934d188bd77093afed24300e |
| MinGit-2.53.0.3-64-bit.zip | 0d7c85a26e45668b35d0d0aeb763289376cfc039e55e0938a617ed0dfa32e433 |
| MinGit-2.53.0.3-arm64.zip | 4e023ced9acba38d45b63cafadde57a11c754c0b46df8968117cd243f8f58ef4 |
| MinGit-2.53.0.3-32-bit.zip | 2a55bcec4de958570f4e27ae59dfa9f91d98c816113189e2fc6af8afe85ed66a |
| MinGit-2.53.0.3-busybox-64-bit.zip | cab3a8dfb2bdd7328d79c0f8dbc934d038f755573ab22d4f72bcdd8ff9f86c26 |
| MinGit-2.53.0.3-busybox-32-bit.zip | 98ddcfe902949cfb656e2bc518f1053217d54d88a22317d02c026eda7aeeb984 |
| Git-2.53.0.3-64-bit.tar.bz2 | 1661f02e85a7901ad7920e2a358ee3772ed9066b00d8590bf2d9046ef10aa8b2 |
| Git-2.53.0.3-arm64.tar.bz2 | 4015f05a68bd2bcf3cc6c426e8d44b65d670fbb879225bb7b7c347cfc3a2758a |