Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
AnalysisAI
Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) makes it a moderate practical risk.
Technical ContextAI
Cryptomator is a client-side encryption application for securing files on cloud storage platforms. The vulnerability exists in the vault configuration loader component, which is responsible for parsing and validating vault metadata before decryption operations. The root cause is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, aka Path Traversal), where the application resolves user-controlled input (keyId from vault config) directly using Path.resolve() against the vault directory without prior validation or sanitization. The masterkeyfile URI scheme handler extracts keyId.getSchemeSpecificPart() and immediately calls Files.exists() to verify the key file, but this check occurs before the vault configuration integrity is cryptographically verified. On Windows systems specifically, UNC path syntax (//attacker/share/) is converted to SMB network paths (\\attacker\share\), allowing attackers to trigger SMB connection attempts that can be intercepted or logged by network monitoring tools. The affected CPE is cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*
RemediationAI
Upgrade Cryptomator immediately to version 1.19.1 or later, which includes the fix implemented in commit 1e3dfe3de1623b1b85d24db91e49d31d1ea11f40 (see https://github.com/cryptomator/cryptomator/pull/4180 for the merge details). Users unable to patch immediately should avoid opening vault configuration files from untrusted sources and be cautious when sharing vault files with others, particularly on Windows systems where UNC path exploitation could expose network topology. Network administrators may consider implementing SMB egress filtering on Windows workstations to prevent unexpected outbound SMB connections that could be triggered by malicious vault configurations. Until patching is completed, treat all vault files as potentially malicious and restrict access to trusted, in-house generated vaults only.
Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by
The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co
Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in
A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr
Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13750