VYPR

Cryptomator

by Cryptomator

CVEs (11)

  • CVE-2026-33472 · Med · Apr 16, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on…

  • CVE-2006-1172 · May 9, 2006
    risk 0.04 · cvss · epss 0.14

    Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.

  • CVE-2026-32317 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in Hub key…

  • CVE-2026-32318 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Cryptomator for iOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in Hub key…

  • CVE-2026-32310 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves…

  • CVE-2026-32309 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and…

  • CVE-2026-32303 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism. Before this fix,…

  • CVE-2026-29110 · Mar 6, 2026
    risk 0.00 · cvss · epss 0.00

    Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time when the actual vault is…

  • CVE-2023-39520 · Aug 7, 2023
    risk 0.00 · cvss · epss 0.00

    Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low-privileged users via the `repair` function. The problem occurs as the repair function of the MSI is…

  • CVE-2023-37907 · Jul 25, 2023
    risk 0.00 · cvss · epss 0.00

    Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low-privileged users, if already installed. The problem occurs as the repair…

  • CVE-2022-25366 · Feb 19, 2022
    risk 0.00 · cvss · epss 0.01

    Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by…