EUVD-2026-13746
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
3Description
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1.
Analysis
Cryptomator versions prior to 1.19.1 contain an integrity check vulnerability that allows attackers to tamper with the vault.cryptomator configuration file, enabling man-in-the-middle attacks during Hub key loading. Attackers can mix legitimate authentication endpoints with malicious API endpoints to exfiltrate access tokens from users unlocking Hub-backed vaults in environments where vault configuration files can be modified. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Cryptomator deployments, identify systems using Hub-backed vaults, and restrict file system write access to vault.cryptomator configuration files. Within 7 days: Disable Hub integration if not operationally critical, enforce strict access controls on vault locations, and implement file integrity monitoring on configuration files. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today