Refine your search
7 vulnerabilities found for cryptomator by cryptomator
CVE-2026-33472 (GCVE-0-2026-33472)
Vulnerability from cvelistv5
Published
2026-04-16 21:12
Modified
2026-04-20 15:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: >= 1.19.1, < 1.19.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33472",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T14:50:12.860065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:00:33.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.1, \u003c 1.19.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T21:12:37.076Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p"
},
{
"name": "https://github.com/cryptomator/cryptomator/pull/4179",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/pull/4179"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.2"
}
],
"source": {
"advisory": "GHSA-9q8x-whrw-x44p",
"discovery": "UNKNOWN"
},
"title": "Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33472",
"datePublished": "2026-04-16T21:12:37.076Z",
"dateReserved": "2026-03-20T16:16:48.969Z",
"dateUpdated": "2026-04-20T15:00:33.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32310 (GCVE-0-2026-32310)
Vulnerability from cvelistv5
Published
2026-03-20 18:19
Modified
2026-03-20 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: >= 1.6.0, <= 1.19.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T19:56:28.979892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T19:56:38.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c= 1.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve(\"//attacker/share/...\") becomes \\\\attacker\\share\\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:19:30.985Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr52",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr52"
},
{
"name": "https://github.com/cryptomator/cryptomator/pull/4180",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/pull/4180"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/1e3dfe3de1623b1b85d24db91e49d31d1ea11f40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/commit/1e3dfe3de1623b1b85d24db91e49d31d1ea11f40"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1"
}
],
"source": {
"advisory": "GHSA-5phc-5pfx-hr52",
"discovery": "UNKNOWN"
},
"title": "Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32310",
"datePublished": "2026-03-20T18:19:30.985Z",
"dateReserved": "2026-03-11T21:16:21.659Z",
"dateUpdated": "2026-03-20T19:56:38.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32309 (GCVE-0-2026-32309)
Vulnerability from cvelistv5
Published
2026-03-20 18:19
Modified
2026-03-27 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: < 1.19.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T15:18:10.141409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T15:24:06.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:19:09.746Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-vv33-h7qx-c264",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-vv33-h7qx-c264"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1"
}
],
"source": {
"advisory": "GHSA-vv33-h7qx-c264",
"discovery": "UNKNOWN"
},
"title": "Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32309",
"datePublished": "2026-03-20T18:19:09.746Z",
"dateReserved": "2026-03-11T21:16:21.659Z",
"dateUpdated": "2026-03-27T15:24:06.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32303 (GCVE-0-2026-32303)
Vulnerability from cvelistv5
Published
2026-03-20 17:57
Modified
2026-03-23 21:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: < 1.19.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T20:52:44.437617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T21:41:57.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T17:57:31.884Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43"
},
{
"name": "https://github.com/cryptomator/cryptomator/pull/4179",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/pull/4179"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/6b82abcd80449a30b561d823193f9ecea542a625",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/commit/6b82abcd80449a30b561d823193f9ecea542a625"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1"
}
],
"source": {
"advisory": "GHSA-34rf-rwr3-7g43",
"discovery": "UNKNOWN"
},
"title": "Cryptomator: Tampered vault configuration allows MITM attack on Hub API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32303",
"datePublished": "2026-03-20T17:57:31.884Z",
"dateReserved": "2026-03-11T21:16:21.659Z",
"dateUpdated": "2026-03-23T21:41:57.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29110 (GCVE-0-2026-29110)
Vulnerability from cvelistv5
Published
2026-03-06 17:53
Modified
2026-03-06 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file, not existing file), a log message is created. This issue has been patched in version 1.19.0.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: < 1.19.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:33:27.216732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:33:33.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file, not existing file), a log message is created. This issue has been patched in version 1.19.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T17:53:53.948Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-j83j-mwhc-rcgw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-j83j-mwhc-rcgw"
}
],
"source": {
"advisory": "GHSA-j83j-mwhc-rcgw",
"discovery": "UNKNOWN"
},
"title": "Cryptomator: Leaking of cleartext paths into log file in non-debug mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29110",
"datePublished": "2026-03-06T17:53:53.948Z",
"dateReserved": "2026-03-03T21:54:06.709Z",
"dateUpdated": "2026-03-06T18:33:33.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39520 (GCVE-0-2023-39520)
Vulnerability from cvelistv5
Published
2023-08-07 19:35
Modified
2024-10-03 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround.
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: <= 1.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"lessThanOrEqual": "1.9.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39520",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:04:44.840863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:05:22.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T19:35:45.782Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3"
}
],
"source": {
"advisory": "GHSA-62gx-54j7-mjh3",
"discovery": "UNKNOWN"
},
"title": "Cryptomator vulnerable to Local Elevation of Privileges"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39520",
"datePublished": "2023-08-07T19:35:45.782Z",
"dateReserved": "2023-08-03T16:27:36.262Z",
"dateUpdated": "2024-10-03T18:05:22.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37907 (GCVE-0-2023-37907)
Vulnerability from cvelistv5
Published
2023-07-25 20:11
Modified
2024-10-03 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cryptomator | cryptomator |
Version: 1.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"lessThan": "1.9.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37907",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:49:01.856664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:51:28.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "1.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T20:11:50.843Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.2"
}
],
"source": {
"advisory": "GHSA-9c9p-c3mg-hpjq",
"discovery": "UNKNOWN"
},
"title": "Cryptomator\u0027s MSI installer allows local privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37907",
"datePublished": "2023-07-25T20:11:50.843Z",
"dateReserved": "2023-07-10T17:51:29.611Z",
"dateUpdated": "2024-10-03T18:51:28.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}