CVE-2026-32310
Received Received - Intake
Path Traversal in Cryptomator Vault Loader Enables SMB Access

Publication date: 2026-03-20

Last updated on: 2026-03-25

Assigner: GitHub, Inc.

Description
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \\attacker\share\..., so the existence check can trigger outbound SMB access before the user even enters a passphrase. This issue has been patched in version 1.19.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32310
EUVD
EUVD-2026-13750
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cryptomator cryptomator From 1.6.0 (inc) to 1.19.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32310 is a vulnerability in Cryptomator versions 1.6.0 through 1.19.0 where the vault configuration is parsed before its integrity is verified. The masterkeyfile loader uses an unverified keyId as a filesystem path without proper validation, allowing it to resolve paths that include parent-directory traversal, absolute local paths, or UNC paths.

This means a malicious vault configuration can specify a masterkeyfile path that escapes the vault directory or points to external locations, such as attacker-controlled network shares. On Windows, this can trigger outbound SMB network access to attacker hosts before the user even enters a passphrase.

The root cause is that the software trusts path-bearing masterkeyfile key identifiers from unverified vault metadata without enforcing containment checks or rejecting absolute or UNC paths, leading to path traversal and external file access.

Impact Analysis

This vulnerability can impact users by allowing a malicious vault configuration to cause Cryptomator to access arbitrary files outside the intended vault directory.

  • It can trigger outbound SMB network connections to attacker-controlled UNC shares on Windows, potentially leaking NTLM authentication credentials.
  • It may expose hostnames and user context to attackers before any passphrase is entered.
  • It allows unauthorized access to local files outside the vault root.
  • Backup logic may create backups outside the vault due to non-normalized path checks.
Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for unusual outbound SMB network connections originating from Cryptomator before any user passphrase is entered, especially on Windows systems. Such connections may indicate that the software is resolving and checking external UNC paths specified in a malicious vault configuration.

A proof of concept involves creating or modifying a vault configuration with a masterkeyfile URI pointing to an external path and observing if Cryptomator attempts to access that path before prompting for a passphrase.

On Windows, network monitoring tools or commands can be used to detect outbound SMB connections to suspicious hosts. For example, using PowerShell or command line tools to monitor SMB traffic or network connections:

  • Use PowerShell to monitor SMB connections: `Get-SmbConnection`
  • Use netstat to check for outbound SMB connections (port 445): `netstat -an | findstr :445`
  • Use network packet capture tools like Wireshark or tcpdump to monitor SMB traffic to external hosts.

Additionally, inspecting the vault configuration files for suspicious masterkeyfile URIs containing parent-directory traversal sequences, absolute paths, or UNC paths can help detect attempts to exploit this vulnerability.

Mitigation Strategies

Immediate mitigation steps include upgrading Cryptomator to version 1.19.1 or later, where the vulnerability has been patched by enforcing masterkey loading only from a fixed filename within the vault directory.

If upgrading is not immediately possible, avoid opening vaults from untrusted sources or with suspicious configurations that may contain malicious masterkeyfile URIs.

Network-level controls can be applied to block outbound SMB connections (port 445) from the system running Cryptomator to prevent leakage of credentials or exposure to attacker-controlled UNC shares.

Review and validate vault configuration files to ensure they do not contain absolute paths, UNC paths, or parent-directory traversal sequences in masterkeyfile key IDs.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart