CVE-2026-32310

low-risk

Published 2026-03-20

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Cryptomator

Affected Vendors

Cryptomator

References (4)

Patch https://github.com/cryptomator/cryptomator/commit/1e3dfe3de1623b1b85d24db91e49d3...

Issue Tracking https://github.com/cryptomator/cryptomator/pull/4180

Release Notes https://github.com/cryptomator/cryptomator/releases/tag/1.19.1

Vendor Advisory https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal