CVE-2026-33472— Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33472
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用基本弱点进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cryptomator 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cryptomator是Cryptomator社区的一个简单的数字自卫工具。 Cryptomator 1.19.1版本存在安全漏洞,该漏洞源于CheckHostTrustController.getAuthority方法存在逻辑缺陷,可能导致绕过安全修复并拦截OAuth令牌交换。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| cryptomator | cryptomator | >= 1.19.1, < 1.19.2 | - |
II. Public POCs for CVE-2026-33472
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33472
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: cryptomator
- CVE-2026-32310
Cryptomator: Unverified masterkeyfile key IDs can access arb - CVE-2026-32309
Cryptomator: Hub unlocking accepts plaintext HTTP and unvali - CVE-2026-32303
Cryptomator: Tampered vault configuration allows MITM attack - CVE-2026-29110
Cryptomator: Leaking of cleartext paths into log file in non - CVE-2023-39520
Cryptomator vulnerable to Local Elevation of Privileges
Same vendor: cryptomator
- CVE-2026-32317
Cryptomator for Android: Tampered vault configuration allows - CVE-2026-32318
Cryptomator for IOS: Tampered vault configuration allows MIT - CVE-2026-32310
Cryptomator: Unverified masterkeyfile key IDs can access arb - CVE-2026-32309
Cryptomator: Hub unlocking accepts plaintext HTTP and unvali - CVE-2026-32303
Cryptomator: Tampered vault configuration allows MITM attack
Same weakness: CWE-305
- CVE-2026-6266
Aap-controller: aap-gateway: account hijacking and unauthori - CVE-2026-4670
Improper Authentication vulnerability in Progress MOVEit Aut - CVE-2026-20152
Cisco Secure Web Appliance Authentication Service Traffic By - CVE-2026-33892
Siemens Industrial Edge Management 安全漏洞 - CVE-2026-40039
Pachno 1.0.6 Open Redirection via return_to Parameter
V. Comments for CVE-2026-33472
No comments yet