CVE-2026-29110
Information Disclosure via Cleartext Path Logging in Cryptomator Vaults
Publication date: 2026-03-06
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cryptomator | cryptomator | < 1.19.0 (1.19.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29110 is a vulnerability in Cryptomator versions prior to 1.19.0 where cleartext file paths may be leaked into log files even when the application is running in non-debug mode.
This leakage happens only when a filesystem request fails, for example due to a damaged encrypted file or a non-existent file, causing the application to generate a log message that includes sensitive meta information about files stored inside a vault.
Not all cleartext paths are logged, only those involved in failed filesystem requests; because the log files persist on disk, the leaked details remain readable even while the vault is closed.
The vulnerability is classified under CWE-209, which involves generation of error messages containing sensitive information.
How can this vulnerability impact me?
This vulnerability can lead to the unintended disclosure of sensitive meta information about files stored inside a Cryptomator vault through log files.
An attacker with local access could potentially view these log files and gain information about file paths, which might reveal details about the contents or structure of the vault even when it is closed.
The impact on confidentiality is low, and there is no impact on integrity or availability.
Attack complexity is high; exploitation requires local access, low privileges, and user interaction.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting Cryptomator log files for cleartext file paths that appear when filesystem requests fail. These log files are generated when errors such as damaged encrypted files or non-existent files occur.
To detect the vulnerability, you can search for suspicious cleartext paths in the log files located in the following directories depending on your operating system:
- Windows: %LOCALAPPDATA%/Cryptomator
- macOS: ~/Library/Logs/Cryptomator
- Linux: ~/.local/share/Cryptomator/logs
Example commands to search for cleartext paths in log files could include:
- On Linux/macOS: grep -iE 'path|file' ~/.local/share/Cryptomator/logs/*.log
- On Windows (PowerShell): Select-String -Path "$env:LOCALAPPDATA\Cryptomator\*.log" -Pattern 'path','file' [1]
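As an added example (not code from the advisory or from the Cryptomator project), the following POSIX shell functions scan the Linux/macOS log directories listed above for WARN/ERROR lines that carry a path-like token, which is narrower than grepping for the words "path" or "file". The log line format written by write_sample_log and the WARN/ERROR level markers are assumptions constructed for the demonstration; real Cryptomator log lines may differ.

```shell
#!/bin/sh
# Added example, not code from the advisory or the Cryptomator project.
# Scans Cryptomator log files for WARN/ERROR lines that carry a path-like
# token, i.e. the failed-request messages the advisory describes.
# The log line format used by write_sample_log is CONSTRUCTED for this demo;
# real Cryptomator log lines may differ, so adjust the level/path patterns.

# Default log directory for the current OS (directories as listed above;
# the Windows location is not covered by a POSIX shell script).
cryptomator_log_dir() {
  case "$(uname -s 2>/dev/null)" in
    Darwin) printf '%s\n' "$HOME/Library/Logs/Cryptomator" ;;
    *)      printf '%s\n' "$HOME/.local/share/Cryptomator/logs" ;;
  esac
}

# Print, de-duplicated, every path-like token (leading slash, one or more
# segments, a file extension) found on WARN or ERROR lines of the given files.
find_leaked_paths() {
  grep -hE '(WARN|ERROR)' "$@" 2>/dev/null \
    | grep -oE '(/[A-Za-z0-9._-]+)+\.[A-Za-z0-9]+' \
    | sort -u
}

# Number of distinct leaked-looking paths, for a quick yes/no verdict.
count_leaked_paths() {
  find_leaked_paths "$@" | wc -l | tr -d ' '
}

# Write constructed sample log lines to the given file (demo input only).
write_sample_log() {
  printf '%s\n' \
    '2026-03-05 10:12:03 ERROR ReadFile failed for /Taxes/2024-return.pdf: ciphertext damaged' \
    '2026-03-05 10:12:05 INFO  Vault unlocked' \
    '2026-03-05 10:12:09 WARN  GetAttr failed for /Photos/holiday/IMG_0123.jpg: no such file' \
    '2026-03-05 10:12:11 ERROR ReadFile failed for /Taxes/2024-return.pdf: ciphertext damaged' \
    > "$1"
}

# Usage on a real installation:
#   find_leaked_paths "$(cryptomator_log_dir)"/*.log
```

A non-zero count means the logs already contain vault metadata and should be deleted after upgrading, as the mitigation answer below describes.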
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in Cryptomator version 1.19.0. The immediate step to mitigate this issue is to upgrade Cryptomator to version 1.19.0 or later.
As a workaround before upgrading, you can delete existing application log files to remove any leaked cleartext paths. The log files to delete are located at:
- Windows: %LOCALAPPDATA%/Cryptomator
- macOS: ~/Library/Logs/Cryptomator
- Linux: ~/.local/share/Cryptomator/logs