EUVD-2026-13760CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
3Description
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.12.3.
Analysis
An integrity check vulnerability in Cryptomator for Android prior to version 1.12.3 allows attackers to tamper with the vault configuration file, enabling a man-in-the-middle attack against the Hub key loading mechanism. Attackers who can modify the vault.cryptomator file can mix legitimate authentication endpoints with malicious API endpoints to exfiltrate tokens from users unlocking Hub-backed vaults. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Cryptomator Android deployments in your organization and determine which users rely on Hub-backed vaults. Within 7 days: Communicate risk advisory to affected users and implement network monitoring for suspicious vault configuration modifications; consider restricting Cryptomator Android to trusted networks only. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today