HIGH🇵🇱 Wersja polska

CVE-2026-32303

CVSS 7.6v3.1pub. 2026-03-20upd. 2026-03-26

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
  • Cryptomator

    APP
    Cryptomator
    < 1.19.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-32309HIGH8.7ten sam produkt

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock ...

CVE-2026-32318HIGH7.6ten sam produkt

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to ...

CVE-2026-32317HIGH7.6ten sam produkt

Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior...

CVE-2023-37907HIGH7.0ten sam produkt

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, ...

CVE-2022-25366HIGH7.8ten sam produkt

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime...