{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/git/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Claude Code"],"_cs_severities":["high"],"_cs_tags":["git","code-execution","trust-bypass"],"_cs_type":"advisory","_cs_vendors":["Anthropic"],"content_html":"\u003cp\u003eA vulnerability in Claude Code, specifically versions 2.1.63 and later but before 2.1.84, allowed for a trust dialog bypass via Git worktree spoofing. This exploit leverages the way Claude Code determines folder trust using the \u003ccode\u003ecommondir\u003c/code\u003e file in Git worktrees. By crafting a repository containing a \u003ccode\u003ecommondir\u003c/code\u003e file that points to a path the victim has previously trusted, an attacker could bypass the trust dialog, leading to arbitrary code execution through malicious hooks defined in the \u003ccode\u003e.claude/settings.json\u003c/code\u003e file. Successful exploitation required the victim to clone a malicious repository and run Claude Code within it, as well as the attacker knowing or guessing a path the victim had previously trusted. Users on standard Claude Code with auto-update enabled received the fix automatically.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious Git repository with a \u003ccode\u003ecommondir\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecommondir\u003c/code\u003e file is configured to point to a directory path the victim is likely to have previously trusted.\u003c/li\u003e\n\u003cli\u003eThe repository includes a malicious \u003ccode\u003e.claude/settings.json\u003c/code\u003e file containing arbitrary code execution hooks.\u003c/li\u003e\n\u003cli\u003eAttacker distributes the malicious repository, likely through social engineering or other deceptive means.\u003c/li\u003e\n\u003cli\u003eVictim clones the malicious repository to their local machine using \u003ccode\u003egit clone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eVictim opens the cloned directory containing the malicious \u003ccode\u003e.claude/settings.json\u003c/code\u003e in a vulnerable version of Claude Code.\u003c/li\u003e\n\u003cli\u003eClaude Code reads the \u003ccode\u003ecommondir\u003c/code\u003e file and incorrectly trusts the repository based on the spoofed path.\u003c/li\u003e\n\u003cli\u003eThe malicious hooks defined in \u003ccode\u003e.claude/settings.json\u003c/code\u003e are executed, leading to arbitrary code execution on the victim\u0026rsquo;s machine.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allowed an attacker to execute arbitrary code on a victim\u0026rsquo;s machine. While the number of affected users is unknown, the impact of successful exploitation could range from data theft and system compromise to complete takeover of the victim\u0026rsquo;s development environment. The vulnerability primarily targeted developers using Claude Code, potentially impacting software development organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Claude Code to the latest version (\u0026gt;= 2.1.84) to patch CVE-2026-40068.\u003c/li\u003e\n\u003cli\u003eImplement a detection rule that identifies the creation or modification of \u003ccode\u003e.claude/settings.json\u003c/code\u003e files containing suspicious code (see Sigma rule below).\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual processes being launched from within the Claude Code application context (see Sigma rule below).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-25T12:00:00Z","date_published":"2026-04-25T12:00:00Z","id":"/briefs/2026-04-claude-code-trust-bypass/","summary":"A vulnerability in Claude Code allowed for trust dialog bypass via git worktree spoofing, potentially leading to arbitrary code execution by crafting a malicious repository with a `commondir` file pointing to a previously trusted path, bypassing the trust dialog, and executing malicious hooks defined in `.claude/settings.json`.","title":"Claude Code Trust Dialog Bypass via Git Worktree Spoofing","url":"https://feed.craftedsignal.io/briefs/2026-04-claude-code-trust-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-40161"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["tekton","git","credential-access","api-token"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in Tekton Pipelines\u0026rsquo; git resolver (versions v1.0.0 through v1.10.0) where the system-configured Git API token is sent to a user-controlled \u003ccode\u003eserverURL\u003c/code\u003e when the user omits the \u003ccode\u003etoken\u003c/code\u003e parameter. This allows a malicious tenant with TaskRun or PipelineRun create permissions to exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing \u003ccode\u003eserverURL\u003c/code\u003e to an attacker-controlled endpoint. The attacker can then use this token to gain unauthorized access to private repositories, potentially exposing source code, secrets, and CI/CD configurations. This vulnerability is similar to GHSA-j5q5-j9gm-2w5c, where credentials could be exfiltrated. The vulnerability resides in the \u003ccode\u003eResolveAPIGit()\u003c/code\u003e function within \u003ccode\u003epkg/resolution/resolver/git/resolver.go\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains permission to create TaskRuns or PipelineRuns within a Tekton Pipelines namespace.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious TaskRun or PipelineRun configuration.\u003c/li\u003e\n\u003cli\u003eThe configuration specifies the git resolver in API mode.\u003c/li\u003e\n\u003cli\u003eThe configuration omits the \u003ccode\u003etoken\u003c/code\u003e parameter but includes a \u003ccode\u003eserverURL\u003c/code\u003e pointing to an attacker-controlled endpoint.\u003c/li\u003e\n\u003cli\u003eTekton Pipelines executes the TaskRun or PipelineRun, triggering the git resolver.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eResolveAPIGit()\u003c/code\u003e function retrieves the system-configured Git API token using \u003ccode\u003egetAPIToken()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe function creates an SCM client pointed at the attacker-controlled \u003ccode\u003eserverURL\u003c/code\u003e with the system token as an \u003ccode\u003eAuthorization\u003c/code\u003e header.\u003c/li\u003e\n\u003cli\u003eSubsequent API calls from the resolver to the attacker-controlled URL transmit the system token, allowing the attacker to capture it.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to exfiltrate the system Git API token (GitHub PAT, GitLab token, etc.). The exfiltrated token can be used to access private repositories, potentially leading to the exposure of sensitive information like source code, secrets, and CI/CD configurations.  This can lead to supply chain compromise, data breaches, or other unauthorized activities. All Tekton Pipeline instances running versions v1.0.0 through v1.10.0 are potentially vulnerable if a system-level API token is configured.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDo not configure a system-level API token\u003c/strong\u003e in the git resolver ConfigMap. Instead, require all users to provide their own tokens via the \u003ccode\u003etoken\u003c/code\u003e parameter, as suggested in the advisory\u0026rsquo;s workaround section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRestrict TaskRun creation\u003c/strong\u003e to limit which users or ServiceAccounts can create TaskRuns and PipelineRuns that use the git resolver, as recommended in the advisory\u0026rsquo;s workaround section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApply NetworkPolicy\u003c/strong\u003e to the \u003ccode\u003etekton-pipelines-resolvers\u003c/code\u003e namespace to restrict outbound traffic to known-good Git servers only, mitigating the risk of token exfiltration to arbitrary \u003ccode\u003eserverURL\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-tekton-api-token-leak/","summary":"The Tekton Pipelines git resolver in API mode leaks the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter, allowing an attacker with TaskRun or PipelineRun creation permissions to exfiltrate the shared API token.","title":"Tekton Pipelines Git Resolver API Token Leak via User-Controlled ServerURL","url":"https://feed.craftedsignal.io/briefs/2026-04-tekton-api-token-leak/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-32631"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve","credential-access","windows","git"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGit for Windows versions before 2.53.0.windows.3 are susceptible to a vulnerability (CVE-2026-32631) that exposes users\u0026rsquo; NTLM hashes to malicious actors. This occurs when a user interacts with a specially crafted Git repository or branch hosted on an attacker-controlled server. The vulnerability stems from the lack of sufficient protections against unauthorized NTLM authentication requests during Git operations. The attack doesn\u0026rsquo;t require user interaction beyond the initial clone or checkout. Successful exploitation allows attackers to capture NTLMv2 hashes, which, while computationally expensive, can be brute-forced to recover user credentials. This vulnerability was patched in Git for Windows version 2.53.0.windows.3.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker sets up a malicious Git repository on a server under their control. This repository contains a Git configuration that triggers an NTLM authentication request to the attacker\u0026rsquo;s server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a social engineering campaign to entice the victim to clone the malicious repository using the \u003ccode\u003egit clone\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker compromises an existing Git repository and adds a malicious branch. The victim is then tricked into checking out this branch using \u003ccode\u003egit checkout\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eWhen the victim clones the repository or checks out the malicious branch, Git for Windows attempts to authenticate with the attacker\u0026rsquo;s server using the NTLM protocol.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s NTLMv2 hash is sent to the attacker\u0026rsquo;s server during the NTLM authentication handshake.\u003c/li\u003e\n\u003cli\u003eThe attacker captures the NTLMv2 hash from the authentication traffic.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates an offline brute-force attack against the captured NTLMv2 hash.\u003c/li\u003e\n\u003cli\u003eUpon successful brute-forcing, the attacker recovers the victim\u0026rsquo;s credentials and can use them to access other resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32631 allows attackers to steal user credentials. The impact includes unauthorized access to sensitive data, systems, and applications accessible with the compromised credentials. The number of potential victims is directly related to the number of users running vulnerable versions of Git for Windows who interact with malicious repositories or branches. Targeted sectors are broad, encompassing any organization using Git for Windows for software development and version control.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Git for Windows to version 2.53.0.windows.3 or later to remediate CVE-2026-32631.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring to detect NTLM authentication attempts originating from Git processes to unusual or external destinations.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Git Process Spawning Cmd with /c net use\u0026rdquo; to detect potential NTLM authentication attempts and adjust it to monitor outbound network connections from \u003ccode\u003egit.exe\u003c/code\u003e using NTLM.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T18:17:17Z","date_published":"2026-04-15T18:17:17Z","id":"/briefs/2026-04-git-ntlm-hash-leak/","summary":"Git for Windows versions prior to 2.53.0.windows.3 are vulnerable to NTLM hash theft by attackers who can trick users into cloning malicious repositories or checking out malicious branches, leading to potential credential compromise.","title":"Git for Windows NTLM Hash Leak Vulnerability (CVE-2026-32631)","url":"https://feed.craftedsignal.io/briefs/2026-04-git-ntlm-hash-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rce","vim","emacs","git","modeline"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA researcher at Calif discovered vulnerabilities in Vim and GNU Emacs using the Claude AI assistant. The Vim vulnerability (versions 9.2.0271 and earlier) results from missing security checks in modeline handling, allowing arbitrary code execution when a specially crafted file is opened. A patch is available in version 9.2.0272. The GNU Emacs vulnerability stems from its integration with Git\u0026rsquo;s version control (vc-git) and remains unpatched. Opening a file can trigger Git operations via \u003ccode\u003evc-refresh-state\u003c/code\u003e, leading to the execution of arbitrary commands defined in a user-controlled \u003ccode\u003ecore.fsmonitor\u003c/code\u003e program within a hidden \u003ccode\u003e.git/config\u003c/code\u003e file. This affects users who open files from untrusted sources.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates a malicious archive containing a text file and a hidden \u003ccode\u003e.git/\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e.git/\u003c/code\u003e directory includes a \u003ccode\u003econfig\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003econfig\u003c/code\u003e file contains a \u003ccode\u003ecore.fsmonitor\u003c/code\u003e entry pointing to a malicious executable.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the archive (e.g., via email or shared drive).\u003c/li\u003e\n\u003cli\u003eVictim extracts the archive on their system.\u003c/li\u003e\n\u003cli\u003eThe victim opens the seemingly benign text file within GNU Emacs.\u003c/li\u003e\n\u003cli\u003eGNU Emacs\u0026rsquo; \u003ccode\u003evc-git\u003c/code\u003e integration triggers \u003ccode\u003evc-refresh-state\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003evc-refresh-state\u003c/code\u003e causes Git to read the attacker-controlled \u003ccode\u003e.git/config\u003c/code\u003e file and execute the malicious \u003ccode\u003ecore.fsmonitor\u003c/code\u003e program, achieving arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities leads to arbitrary code execution with the privileges of the user running Vim or Emacs. For Vim, all versions 9.2.0271 and earlier are affected until patched. While the Emacs vulnerability remains unpatched, it poses a significant risk to users who routinely open files from unknown or untrusted sources, potentially leading to system compromise and data breaches. The number of potential victims is substantial given the widespread use of these editors by developers and system administrators.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Vim to version 9.2.0272 or later to patch the RCE vulnerability related to modeline handling (refer to the Vim flaw and fix section).\u003c/li\u003e\n\u003cli\u003eExercise extreme caution when opening files from unknown sources or downloaded online when using GNU Emacs due to the unpatched Git integration vulnerability (refer to the GNU Emacs points to Git section).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect execution of git with unusual core.fsmonitor configuration to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T21:45:14Z","date_published":"2026-03-31T21:45:14Z","id":"/briefs/2026-03-vim-emacs-rce/","summary":"Vulnerabilities in Vim (\u003c=9.2.0271) and GNU Emacs allow remote code execution by opening a specially crafted file, leveraging flaws in modeline handling and Git integration, respectively.","title":"Vim and Emacs Remote Code Execution Vulnerabilities Triggered by File Opening","url":"https://feed.craftedsignal.io/briefs/2026-03-vim-emacs-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Git","version":"https://jsonfeed.org/version/1.1"}