Browse all 9 CVE security advisories affecting cryptomator. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Cryptomator provides cross-platform file encryption for cloud storage, securing user data through client-side encryption. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, with nine CVEs documented. The application's security model emphasizes zero-knowledge architecture, though past incidents revealed issues like insecure default configurations and improper input validation. While no major breaches have been reported, the CVE history suggests potential risks in areas such as cryptographic implementation and access control. Users should maintain current versions and review security advisories, as the project's open-source nature allows for rapid vulnerability remediation but also exposes potential attack surfaces through third-party dependencies.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33472 | Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass) | cryptomator | CWE-305 | 4.8 | Medium | 2026-04-16 |
| CVE-2026-32310 | Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths | cryptomator | CWE-22 | 4.1 | Medium | 2026-03-20 |
| CVE-2026-32309 | Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes | cryptomator | CWE-319 | 9.1 | - | 2026-03-20 |
| CVE-2026-32303 | Cryptomator: Tampered vault configuration allows MITM attack on Hub API | cryptomator | CWE-346 | 7.6 | High | 2026-03-20 |
| CVE-2026-29110 | Cryptomator: Leaking of cleartext paths into log file in non-debug mode | cryptomator | CWE-209 | 2.2 | Low | 2026-03-06 |
| CVE-2023-39520 | Cryptomator vulnerable to Local Elevation of Privileges | cryptomator | CWE-269 | 5.5 | Medium | 2023-08-07 |
| CVE-2023-37907 | Cryptomator's MSI installer allows local privilege escalation | cryptomator | CWE-269 | 7.0 | High | 2023-07-25 |
This page lists every published CVE security advisory associated with cryptomator. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.