All 7 CVE vulnerabilities found in cryptomator, with AI-generated Chinese analysis, references, and POCs.
Vendor: cryptomator
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33472 | Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass) CWE-305 | 4.8 | Medium | 2026-04-16 |
| CVE-2026-32310 | Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths CWE-22 | 4.1 | Medium | 2026-03-20 |
| CVE-2026-32309 | Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes CWE-319 | 9.1 | - | 2026-03-20 |
| CVE-2026-32303 | Cryptomator: Tampered vault configuration allows MITM attack on Hub API CWE-346 | 7.6 | High | 2026-03-20 |
| CVE-2026-29110 | Cryptomator: Leaking of cleartext paths into log file in non-debug mode CWE-209 | 2.2 | Low | 2026-03-06 |
| CVE-2023-39520 | Cryptomator vulnerable to Local Elevation of Privileges CWE-269 | 5.5 | Medium | 2023-08-07 |
| CVE-2023-37907 | Cryptomator's MSI installer allows local privilege escalation CWE-269 | 7.0 | High | 2023-07-25 |
All 7 known CVE vulnerabilities affecting cryptomator with full Chinese analysis, references, and POCs where available.