TROYANOSYVIRUS
Voltar para CVEs

CVE-2026-32310

MEDIUM
4.1

Descricao

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.

Detalhes CVE

Pontuacao CVSS v3.14.1
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado3/20/2026
Ultima modificacao3/25/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

cryptomator:cryptomatormicrosoft:windows

Fraquezas (CWE)

CWE-22

Referencias

https://github.com/cryptomator/cryptomator/commit/1e3dfe3de1623b1b85d24db91e49d31d1ea11f40(security-advisories@github.com)
https://github.com/cryptomator/cryptomator/pull/4180(security-advisories@github.com)
https://github.com/cryptomator/cryptomator/releases/tag/1.19.1(security-advisories@github.com)
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr52(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.