Security Vulnerability Report
CVE-2026-32310 CVSS 4.1 MEDIUM

Published: 2026-03-20 19:16:16
Last Modified: 2026-03-25 20:45:25

Description

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
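The ordering problem the description calls out (path built from an unverified keyId, then Files.exists(...) straight away) can be illustrated with the hypothetical Java helper below. It is an added example, not Cryptomator's code or its actual patch: it assumes a legitimate keyId is a bare relative file name of the form masterkeyfile:masterkey.cryptomator, and it runs every check before any filesystem call so that parent-directory escapes, absolute local paths and UNC paths never reach the existence check. It is a defence-in-depth path check only; verifying the vault configuration's integrity before parsing it, which the advisory names as the root cause, is a separate step this snippet does not replace.

```java
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper (added example, not Cryptomator's code): validate a masterkeyfile
// keyId before it is ever used as a path, so Files.exists(...) is never reached with one.
public final class KeyIdPathCheck {
    static final String SCHEME = "masterkeyfile";

    // Returns the resolved path, or throws before any filesystem access takes place.
    public static Path resolveKeyIdSafely(Path vaultDir, URI keyId) {
        if (!SCHEME.equals(keyId.getScheme())) {
            throw new IllegalArgumentException("unexpected keyId scheme: " + keyId.getScheme());
        }
        // "masterkeyfile://attacker/share/x" carries the authority "attacker"; the assumed
        // legitimate form masterkeyfile:masterkey.cryptomator carries none.
        if (keyId.getAuthority() != null) {
            throw new IllegalArgumentException("keyId must not name a host: " + keyId.getAuthority());
        }
        String ssp = keyId.getSchemeSpecificPart();
        // Reject absolute, drive-letter and UNC-shaped specifics before Path.resolve sees them;
        // on Windows, resolve("//host/share/...") would otherwise yield \\host\share\...
        if (ssp.isEmpty() || ssp.startsWith("/") || ssp.startsWith("\\") || ssp.contains(":")) {
            throw new IllegalArgumentException("keyId must be a relative file name: " + ssp);
        }
        Path root = vaultDir.toAbsolutePath().normalize();
        Path candidate = root.resolve(ssp).normalize();
        // Assumption: the masterkey file sits directly in the vault root, so anything whose
        // normalized parent is not the root (e.g. "../../x") is an escape and is rejected.
        if (candidate.getParent() == null || !candidate.getParent().equals(root)) {
            throw new IllegalArgumentException("keyId escapes the vault directory: " + ssp);
        }
        return candidate;
    }

    // Only now is the filesystem touched, and only inside the vault directory.
    public static boolean masterkeyExists(Path vaultDir, URI keyId) {
        return Files.exists(resolveKeyIdSafely(vaultDir, keyId));
    }

    public static void main(String[] args) {
        Path vault = Path.of("example-vault"); // constructed sample directory name
        for (String id : new String[] {"masterkeyfile:masterkey.cryptomator",
                "masterkeyfile:../../outside/masterkey.cryptomator",
                "masterkeyfile://attacker/share/masterkey.cryptomator"}) {
            try { System.out.println(id + " -> ok: " + resolveKeyIdSafely(vault, URI.create(id))); }
            catch (IllegalArgumentException e) { System.out.println(id + " -> rejected: " + e.getMessage()); }
        }
    }
}
```

Of the three constructed sample keyIds in main, only the first resolves; the traversal and UNC forms are rejected before Files.exists(...) could run.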

CVSS Details

CVSS Score: 4.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N (Attack Vector Network, Attack Complexity Low, Privileges Required Low, User Interaction Required, Scope Changed, Confidentiality Low, Integrity None, Availability None)

Configurations (Affected Products)

cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:* - VULNERABLE (versions 1.6.0 through 1.19.0, per the record's configuration data)
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* - NOT VULNERABLE (platform qualifier: the record's AND configuration describes Cryptomator running on Windows; Windows itself is not the affected product)

PoC / Exploit Code

No PoC code available.

References

https://github.com/cryptomator/cryptomator/commit/1e3dfe3de1623b1b85d24db91e49d31d1ea11f40 (Patch)
https://github.com/cryptomator/cryptomator/pull/4180 (Issue Tracking)
https://github.com/cryptomator/cryptomator/releases/tag/1.19.1 (Release Notes)
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr52 (Vendor Advisory, Mitigation)

Raw JSON Data

The record's fields, rendered for readability (source addresses are redacted in the extraction; the Spanish description in the record is a translation of the English text above and is omitted here):

CVE ID: CVE-2026-32310
Source Identifier: [email protected]
Published: 2026-03-20T19:16:15.907
Last Modified: 2026-03-25T20:45:24.640
Status: Analyzed
Description (en): as given in the Description section above
CVSS v3.1 (Secondary): CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N, base score 4.1 MEDIUM (Attack Vector Network, Attack Complexity Low, Privileges Required Low, User Interaction Required, Scope Changed, Confidentiality Low, Integrity None, Availability None; exploitability 2.3, impact 1.4)
CVSS v3.1 (Primary): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, base score 5.3 MEDIUM (Attack Vector Network, Attack Complexity Low, Privileges Required None, User Interaction None, Scope Unchanged, Confidentiality Low, Integrity None, Availability None; exploitability 3.9, impact 1.4)
Weakness (Primary): CWE-22
Configuration: AND of two nodes: cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:* vulnerable, versionStartIncluding 1.6.0, versionEndIncluding 1.19.0 (matchCriteriaId F58B7CCD-1796-4352-BBD5-0872CFAF41B5); cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* not vulnerable (matchCriteriaId 2CF61F35-5905-4BA9-AD7E-7DB261D2F256)
References: the four URLs listed under References above, each with source [email protected] and the tags shown there