Company
Date Published
Author: Taylor Blau
Word count: 344
Language: English
Hacker News points: None

Summary

Git has released version 2.26.2 to address a vulnerability in the credential helper mechanism that was not fully resolved in the previous update, v2.26.1. This vulnerability could allow a malformed URL to create a credential pattern with blank fields, potentially causing credential leaks to untrusted sources. While some credential helpers, like Git's own store and cache helpers, are vulnerable, others like the Git Credential Manager for Windows are unaffected. Users are advised to upgrade to v2.26.2 to secure against these issues, and in the interim, avoid using credential helpers with untrusted repositories. GitHub has implemented additional protective measures, including blocking malicious .gitmodules and preparing a new release of GitHub Desktop to mitigate the exploit. The discovery and analysis of these vulnerabilities were credited to Carlo Arenas and Jonathan Nieder from Google.