Description
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
Published: 2026-03-20
Score: 4.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file access including SMB shares
Action: Patch
AI Analysis

Impact

Cryptomator encrypts cloud data through vaults, but from version 1.6.0 to just before 1.19.1 the system parses the vault configuration before checking its integrity. The masterkeyfile loader treats the keyId supplied in the configuration as a file‑system path without validation. An attacker can insert parent‑directory escapes or absolute paths – for example using a masterkeyfile://prefix that resolves to a UNC share – so the application will call the path existence check before any password is entered. This can allow reading of arbitrary local files or triggering outbound SMB requests to attacker controlled shares, potentially exposing sensitive data.

Affected Systems

Cryptomator versions 1.6.0 through 1.19.0 on any platform detected by the CPE – particularly Windows, where UNC resolution is risky. The vulnerability does not affect earlier versions or 1.19.1 and later. The affected software is the Cryptomator desktop application distributed by the vendor cryptomator:cryptomator. Windows operating systems are especially relevant because of the SMB path resolution.

Risk and Exploitability

The CVSS score of 4.1 reflects moderate risk; the EPSS score shows less than 1% probability of exploitation today, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires a user to load or open a vault whose configuration contains a malicious masterkeyfile keyId, which the attacker can supply via a compromised cloud folder or a phishing attachment. Once the vault is opened, the existence check for the supplied path occurs before the user enters the vault password, so the exploit can succeed without further interaction. Consequently, the main risk is local or network file disclosure rather than remote code execution.

Generated by OpenCVE AI on March 25, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cryptomator to version 1.19.1 or later.
  • Verify that all vault configuration files originate from trusted sources and remove or correct any that use arbitrary masterkeyfile paths.

Generated by OpenCVE AI on March 25, 2026 at 23:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Cryptomator
Cryptomator cryptomator
Vendors & Products Cryptomator
Cryptomator cryptomator

Fri, 20 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
Title Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 4.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N'}

Subscriptions

Cryptomator Cryptomator
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T19:56:38.604Z

Reserved: 2026-03-11T21:16:21.659Z

Link: CVE-2026-32310

cve-icon Vulnrichment

Updated: 2026-03-20T19:56:34.253Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T19:16:15.907

Modified: 2026-03-25T20:45:24.640

Link: CVE-2026-32310

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:20:37Z

Weaknesses