Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-32303
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-20 Mar, 2026 | 18:16
Updated At-26 Mar, 2026 | 13:55

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
CPE Matches
cryptomator
cryptomator
>>cryptomator>>Versions before 1.19.1(exclusive)
cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-346Primarysecurity-advisories@github.com
CWE-354Primarysecurity-advisories@github.com
CWE-451Primarysecurity-advisories@github.com
CWE-923Primarysecurity-advisories@github.com
CWE ID: CWE-346
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-354
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-451
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-923
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cryptomator/cryptomator/commit/6b82abcd80449a30b561d823193f9ecea542a625security-advisories@github.com
Patch
https://github.com/cryptomator/cryptomator/pull/4179security-advisories@github.com
Issue Tracking
https://github.com/cryptomator/cryptomator/releases/tag/1.19.1security-advisories@github.com
Release Notes
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/cryptomator/cryptomator/commit/6b82abcd80449a30b561d823193f9ecea542a625
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/cryptomator/cryptomator/pull/4179
Source: security-advisories@github.com
Resource:
Issue Tracking
Hyperlink: https://github.com/cryptomator/cryptomator/releases/tag/1.19.1
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43
Source: security-advisories@github.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found