https://feed.craftedsignal.io/tags/git/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSat, 25 Apr 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-04-claude-code-trust-bypass/Sat, 25 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-claude-code-trust-bypass/A vulnerability in Claude Code allowed for trust dialog bypass via git worktree spoofing, potentially leading to arbitrary code execution by crafting a malicious repository with a `commondir` file pointing to a previously trusted path, bypassing the trust dialog, and executing malicious hooks defined in `.claude/settings.json`.A vulnerability in Claude Code, specifically versions 2.1.63 and later but before 2.1.84, allowed for a trust dialog bypass via Git worktree spoofing. This exploit leverages the way Claude Code determines folder trust using the commondir file in Git worktrees. By crafting a repository containing a commondir file that points to a path the victim has previously trusted, an attacker could bypass the trust dialog, leading to arbitrary code execution through malicious hooks defined in the .claude/settings.json file. Successful exploitation required the victim to clone a malicious repository and run Claude Code within it, as well as the attacker knowing or guessing a path the victim had previously trusted. Users on standard Claude Code with auto-update enabled received the fix automatically.

Attack Chain

1. Attacker crafts a malicious Git repository with a commondir file.
2. The commondir file is configured to point to a directory path the victim is likely to have previously trusted.
3. The repository includes a malicious .claude/settings.json file containing arbitrary code execution hooks.
4. Attacker distributes the malicious repository, likely through social engineering or other deceptive means.
5. Victim clones the malicious repository to their local machine using git clone.
6. Victim opens the cloned directory containing the malicious .claude/settings.json in a vulnerable version of Claude Code.
7. Claude Code reads the commondir file and incorrectly trusts the repository based on the spoofed path.
8. The malicious hooks defined in .claude/settings.json are executed, leading to arbitrary code execution on the victim’s machine.

Impact

Successful exploitation of this vulnerability allowed an attacker to execute arbitrary code on a victim’s machine. While the number of affected users is unknown, the impact of successful exploitation could range from data theft and system compromise to complete takeover of the victim’s development environment. The vulnerability primarily targeted developers using Claude Code, potentially impacting software development organizations.

Recommendation

• Upgrade Claude Code to the latest version (>= 2.1.84) to patch CVE-2026-40068.
• Implement a detection rule that identifies the creation or modification of .claude/settings.json files containing suspicious code (see Sigma rule below).
• Monitor process creation events for unusual processes being launched from within the Claude Code application context (see Sigma rule below).

]]>highadvisorygitcode-executiontrust-bypasshttps://feed.craftedsignal.io/briefs/2026-04-tekton-api-token-leak/Wed, 22 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-tekton-api-token-leak/The Tekton Pipelines git resolver in API mode leaks the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter, allowing an attacker with TaskRun or PipelineRun creation permissions to exfiltrate the shared API token.A vulnerability exists in Tekton Pipelines’ git resolver (versions v1.0.0 through v1.10.0) where the system-configured Git API token is sent to a user-controlled serverURL when the user omits the token parameter. This allows a malicious tenant with TaskRun or PipelineRun create permissions to exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. The attacker can then use this token to gain unauthorized access to private repositories, potentially exposing source code, secrets, and CI/CD configurations. This vulnerability is similar to GHSA-j5q5-j9gm-2w5c, where credentials could be exfiltrated. The vulnerability resides in the ResolveAPIGit() function within pkg/resolution/resolver/git/resolver.go.

Attack Chain

1. Attacker gains permission to create TaskRuns or PipelineRuns within a Tekton Pipelines namespace.
2. Attacker crafts a malicious TaskRun or PipelineRun configuration.
3. The configuration specifies the git resolver in API mode.
4. The configuration omits the token parameter but includes a serverURL pointing to an attacker-controlled endpoint.
5. Tekton Pipelines executes the TaskRun or PipelineRun, triggering the git resolver.
6. The ResolveAPIGit() function retrieves the system-configured Git API token using getAPIToken().
7. The function creates an SCM client pointed at the attacker-controlled serverURL with the system token as an Authorization header.
8. Subsequent API calls from the resolver to the attacker-controlled URL transmit the system token, allowing the attacker to capture it.

Impact

Successful exploitation allows an attacker to exfiltrate the system Git API token (GitHub PAT, GitLab token, etc.). The exfiltrated token can be used to access private repositories, potentially leading to the exposure of sensitive information like source code, secrets, and CI/CD configurations. This can lead to supply chain compromise, data breaches, or other unauthorized activities. All Tekton Pipeline instances running versions v1.0.0 through v1.10.0 are potentially vulnerable if a system-level API token is configured.

Recommendation

• Do not configure a system-level API token in the git resolver ConfigMap. Instead, require all users to provide their own tokens via the token parameter, as suggested in the advisory’s workaround section.
• Restrict TaskRun creation to limit which users or ServiceAccounts can create TaskRuns and PipelineRuns that use the git resolver, as recommended in the advisory’s workaround section.
• Apply NetworkPolicy to the tekton-pipelines-resolvers namespace to restrict outbound traffic to known-good Git servers only, mitigating the risk of token exfiltration to arbitrary serverURL values.

]]>highadvisorytektongitcredential-accessapi-tokenhttps://feed.craftedsignal.io/briefs/2026-04-git-ntlm-hash-leak/Wed, 15 Apr 2026 18:17:17 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-git-ntlm-hash-leak/Git for Windows versions prior to 2.53.0.windows.3 are vulnerable to NTLM hash theft by attackers who can trick users into cloning malicious repositories or checking out malicious branches, leading to potential credential compromise.Git for Windows versions before 2.53.0.windows.3 are susceptible to a vulnerability (CVE-2026-32631) that exposes users’ NTLM hashes to malicious actors. This occurs when a user interacts with a specially crafted Git repository or branch hosted on an attacker-controlled server. The vulnerability stems from the lack of sufficient protections against unauthorized NTLM authentication requests during Git operations. The attack doesn’t require user interaction beyond the initial clone or checkout. Successful exploitation allows attackers to capture NTLMv2 hashes, which, while computationally expensive, can be brute-forced to recover user credentials. This vulnerability was patched in Git for Windows version 2.53.0.windows.3.

Attack Chain

1. Attacker sets up a malicious Git repository on a server under their control. This repository contains a Git configuration that triggers an NTLM authentication request to the attacker’s server.
2. The attacker crafts a social engineering campaign to entice the victim to clone the malicious repository using the git clone command.
3. Alternatively, the attacker compromises an existing Git repository and adds a malicious branch. The victim is then tricked into checking out this branch using git checkout.
4. When the victim clones the repository or checks out the malicious branch, Git for Windows attempts to authenticate with the attacker’s server using the NTLM protocol.
5. The victim’s NTLMv2 hash is sent to the attacker’s server during the NTLM authentication handshake.
6. The attacker captures the NTLMv2 hash from the authentication traffic.
7. The attacker initiates an offline brute-force attack against the captured NTLMv2 hash.
8. Upon successful brute-forcing, the attacker recovers the victim’s credentials and can use them to access other resources.

Impact

Successful exploitation of CVE-2026-32631 allows attackers to steal user credentials. The impact includes unauthorized access to sensitive data, systems, and applications accessible with the compromised credentials. The number of potential victims is directly related to the number of users running vulnerable versions of Git for Windows who interact with malicious repositories or branches. Targeted sectors are broad, encompassing any organization using Git for Windows for software development and version control.

Recommendation

• Upgrade Git for Windows to version 2.53.0.windows.3 or later to remediate CVE-2026-32631.
• Implement network monitoring to detect NTLM authentication attempts originating from Git processes to unusual or external destinations.
• Deploy the Sigma rule “Detect Git Process Spawning Cmd with /c net use” to detect potential NTLM authentication attempts and adjust it to monitor outbound network connections from git.exe using NTLM.

]]>mediumadvisorycvecredential-accesswindowsgithttps://feed.craftedsignal.io/briefs/2026-03-vim-emacs-rce/Tue, 31 Mar 2026 21:45:14 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-vim-emacs-rce/Vulnerabilities in Vim (<=9.2.0271) and GNU Emacs allow remote code execution by opening a specially crafted file, leveraging flaws in modeline handling and Git integration, respectively.A researcher at Calif discovered vulnerabilities in Vim and GNU Emacs using the Claude AI assistant. The Vim vulnerability (versions 9.2.0271 and earlier) results from missing security checks in modeline handling, allowing arbitrary code execution when a specially crafted file is opened. A patch is available in version 9.2.0272. The GNU Emacs vulnerability stems from its integration with Git’s version control (vc-git) and remains unpatched. Opening a file can trigger Git operations via vc-refresh-state, leading to the execution of arbitrary commands defined in a user-controlled core.fsmonitor program within a hidden .git/config file. This affects users who open files from untrusted sources.

Attack Chain

1. Attacker creates a malicious archive containing a text file and a hidden .git/ directory.
2. The .git/ directory includes a config file.
3. The config file contains a core.fsmonitor entry pointing to a malicious executable.
4. The attacker distributes the archive (e.g., via email or shared drive).
5. Victim extracts the archive on their system.
6. The victim opens the seemingly benign text file within GNU Emacs.
7. GNU Emacs’ vc-git integration triggers vc-refresh-state.
8. vc-refresh-state causes Git to read the attacker-controlled .git/config file and execute the malicious core.fsmonitor program, achieving arbitrary code execution.

Impact

Successful exploitation of these vulnerabilities leads to arbitrary code execution with the privileges of the user running Vim or Emacs. For Vim, all versions 9.2.0271 and earlier are affected until patched. While the Emacs vulnerability remains unpatched, it poses a significant risk to users who routinely open files from unknown or untrusted sources, potentially leading to system compromise and data breaches. The number of potential victims is substantial given the widespread use of these editors by developers and system administrators.

Recommendation

• Upgrade Vim to version 9.2.0272 or later to patch the RCE vulnerability related to modeline handling (refer to the Vim flaw and fix section).
• Exercise extreme caution when opening files from unknown sources or downloaded online when using GNU Emacs due to the unpatched Git integration vulnerability (refer to the GNU Emacs points to Git section).
• Deploy the Sigma rule to detect execution of git with unusual core.fsmonitor configuration to your SIEM and tune for your environment.

]]>criticaladvisoryrcevimemacsgitmodeline