CVE-2026-32310 in cryptomator
Summary
by MITRE • 03/20/2026
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
Analysis
by VulDB Data Team • 03/26/2026
The vulnerability described in CVE-2026-32310 represents a critical security flaw in Cryptomator's vault configuration handling mechanism that enables arbitrary file system access through improper input validation. This issue affects versions 1.6.0 through 1.19.0, where the application fails to verify the integrity of vault configurations before processing them, creating a window of opportunity for attackers to manipulate the system's behavior through maliciously crafted configuration files. The flaw resides in the masterkeyfile loader component which processes key identifiers without proper sanitization, directly using the unverified keyId as a filesystem path reference. This design pattern violates fundamental security principles by allowing untrusted input to dictate system behavior without adequate validation or sanitization.
The technical exploitation of this vulnerability occurs through the improper handling of URI schemes within the keyId parsing process. Specifically, when the loader calls keyId.getSchemeSpecificPart() and immediately resolves this against the vault path using Files.exists(...), it creates a path traversal scenario that allows attackers to craft malicious vault configuration files containing parent-directory escapes, absolute paths, or UNC network paths. The vulnerability is particularly severe on Windows systems where UNC paths can trigger outbound SMB network connections before any user authentication occurs. This means that simply loading a malicious vault configuration file can result in automatic network communication to attacker-controlled servers, bypassing normal authentication requirements and potentially exposing the system to further attacks.
The operational impact of this vulnerability extends beyond simple path traversal, as it fundamentally undermines the security model of Cryptomator's vault protection system. Attackers can leverage this flaw to perform unauthorized file system operations, potentially accessing sensitive files, creating malicious files, or even executing arbitrary code depending on the system permissions. The vulnerability's ability to trigger network connections through UNC paths makes it particularly dangerous in enterprise environments where SMB access controls are typically more restrictive and monitored. This issue represents a classic case of insufficient input validation and improper privilege separation, where untrusted configuration data is processed with elevated system privileges without adequate sanitization. The vulnerability has been addressed in version 1.19.1 through improved input validation and proper sequence of operations that verify configuration integrity before any file system access occurs.
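The ordering the fix enforces can be modelled as a loader that validates the key id before any filesystem call. The following is an added Python example, not Cryptomator's own Java code; the function names, the `UnsafeKeyIdError` type and the sample vault root are assumptions, and the scheme-specific-part split stands in for `URI.getSchemeSpecificPart()`.

```python
import os
import re

# Only a bare file name in the vault root is acceptable: no '/', '\\', ':' or
# empty/dot names, so UNC hosts, absolute paths and '..' escapes never reach I/O.
_BARE_FILENAME = re.compile(r"[A-Za-z0-9._-]+")


class UnsafeKeyIdError(ValueError):
    """The key id does not name a plain file inside the vault root."""


def scheme_specific_part(key_id: str) -> str:
    """Python stand-in for java.net.URI#getSchemeSpecificPart on a masterkeyfile id."""
    scheme, sep, rest = key_id.partition(":")
    if not sep or scheme.lower() != "masterkeyfile":
        raise UnsafeKeyIdError(f"unexpected scheme in key id {key_id!r}")
    return rest


def masterkey_path(vault_dir: str, key_id: str) -> str:
    """Return the masterkey file path for key_id, raising before any filesystem access."""
    name = scheme_specific_part(key_id)
    if name in (".", "..") or not _BARE_FILENAME.fullmatch(name):
        raise UnsafeKeyIdError(f"key id {key_id!r} is not a bare file name")
    candidate = os.path.join(vault_dir, name)
    # Defence in depth: the normalised candidate must still sit inside the vault root.
    root = os.path.normpath(os.path.abspath(vault_dir))
    if os.path.commonpath([root, os.path.normpath(os.path.abspath(candidate))]) != root:
        raise UnsafeKeyIdError(f"key id {key_id!r} escapes the vault root")
    return candidate  # only now may the caller check existence or open the file


def is_safe_key_id(vault_dir: str, key_id: str) -> bool:
    """Convenience predicate: True only if masterkey_path would accept the id."""
    try:
        masterkey_path(vault_dir, key_id)
        return True
    except UnsafeKeyIdError:
        return False


if __name__ == "__main__":
    vault = os.path.join(os.sep, "vaults", "demo")  # constructed sample vault root
    for kid in ("masterkeyfile:masterkey.cryptomator",
                "masterkeyfile://attacker/share/masterkey.cryptomator",
                "masterkeyfile:../../outside.cryptomator",
                "masterkeyfile:/tmp/outside.cryptomator"):
        print(f"{kid!r:60} -> {'ok' if is_safe_key_id(vault, kid) else 'rejected'}")
```

Because rejection happens on the string alone, no `Files.exists`-style probe and therefore no SMB round trip can be triggered by a hostile config.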
This vulnerability aligns with CWE-22 Path Traversal and CWE-770 Allocation of Resources Without Limits or Throttling categories, demonstrating how improper input handling can lead to resource exhaustion and unauthorized access. The attack pattern follows the MITRE ATT&CK framework's T1059 Command and Scripting Interpreter and T1071 Application Layer Protocol categories, as the vulnerability enables malicious command execution through crafted configuration files. The issue also relates to T1566 Credential Access through the potential for unauthorized file system access that could expose sensitive credentials or cryptographic keys. Organizations using Cryptomator should immediately update to version 1.19.1 or later to prevent exploitation of this vulnerability, as the attack surface is broad and the impact includes both local and network-based threats. The vulnerability serves as a reminder of the critical importance of input validation and proper resource handling in security-sensitive applications, particularly those dealing with encryption and file system operations.