CVE-2026-32317
Integrity Check Bypass in Cryptomator Android Enables MITM Attack
Publication date: 2026-03-20
Last updated on: 2026-03-26
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cryptomator | cryptomator | up to 1.12.2 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-923 | The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
| CWE-354 | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32317 is a high-severity vulnerability affecting Cryptomator Android client versions prior to 1.12.3. It stems from an integrity check flaw in the vault configuration file (vault.cryptomator), which allows an attacker to tamper with this file.
This tampering enables a man-in-the-middle (MITM) attack on the Hub API during the key loading process because the client trusted endpoints specified in the vault configuration without verifying host authenticity.
An attacker could mix a legitimate authentication endpoint with a malicious API endpoint, potentially leading to token exfiltration when unlocking Hub-backed vaults in environments where the attacker can modify the vault configuration file.
The vulnerability involves weaknesses such as origin validation errors, improper validation of integrity check values, UI misrepresentation of critical information, and improper restriction of communication channels.
The issue was patched in version 1.12.3 by introducing a Trust-on-First-Contact (TOFU) host verification mechanism requiring explicit user approval to trust new hosts.
How can this vulnerability impact me?
If you use an affected version of Cryptomator Android (prior to 1.12.3) to unlock Hub-backed vaults in an environment where an attacker can alter the vault configuration file, this vulnerability could allow the attacker to perform a man-in-the-middle attack.
This attack could lead to exfiltration of authentication tokens by mixing legitimate and malicious endpoints, potentially compromising your access credentials.
However, Cryptomator Hub's end-to-end encryption ensures that the confidentiality of your vault data remains intact despite this vulnerability.
To mitigate the risk before upgrading, users should restrict outbound network access to trusted Hub hosts and protect the vault configuration file's integrity through strict file permissions and trusted synchronization/storage paths.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves tampering with the vault configuration file (vault.cryptomator) which can lead to a man-in-the-middle attack during the Hub key loading process. Detection involves verifying the integrity of the vault.cryptomator file and monitoring network traffic for suspicious connections to untrusted endpoints.
Suggested detection steps include:
- Check the integrity and permissions of the vault.cryptomator file to ensure it has not been altered.
- Monitor outbound network connections from the Cryptomator Android client to verify that connections are only made to trusted Hub hosts.
- Use network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze traffic for unexpected or mixed endpoints during vault unlock operations.
- Example commands might include:
  - On a rooted Android device or emulator, use `ls -l /path/to/vault.cryptomator` to check file permissions.
  - Use `sha256sum /path/to/vault.cryptomator` to verify file integrity against a known good hash.
  - Use `tcpdump -i any host <trusted_hub_host>` or `tcpdump -i any not host <trusted_hub_host>` to monitor network traffic to and from trusted or untrusted hosts.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, users should upgrade Cryptomator Android client to version 1.12.3 or later, which includes a patch introducing a Trust-on-First-Contact (TOFU) host verification mechanism.
Before upgrading, the following mitigation steps are recommended:
- Restrict outbound network access from the Cryptomator client to only trusted Hub hosts to prevent connections to malicious endpoints.
- Protect the vault.cryptomator configuration file by enforcing strict file permissions and ensuring it is stored and synchronized only through trusted paths.
- Be cautious when unlocking Hub-backed vaults in environments where an attacker could modify the vault configuration file.
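As an added example (not Cryptomator's own code), the two defensive checks described above in Python: a known-good hash comparison for vault.cryptomator, and a Trust-on-First-Contact host store that refuses to unlock when any Hub endpoint in the configuration points at a host the user has not approved, which is what blocks the mixed legitimate-auth/malicious-API case. The configuration layout and the key names authEndpoint and apiBaseUrl are assumptions, not the real file format.

```python
import hashlib
import json
from urllib.parse import urlsplit

# Constructed sample standing in for a vault.cryptomator configuration; the advisory does
# not show the real layout, so the "hub" object and its key names are assumptions. It models
# the described attack: a legitimate auth endpoint mixed with an attacker-controlled API host.
SAMPLE_CONFIG = json.dumps({"hub": {
    "authEndpoint": "https://hub.example.com/auth/realms/vault",
    "apiBaseUrl": "https://api.attacker.example/api/",
}})

def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()

def config_matches(config_text, known_good_sha256):
    return sha256_hex(config_text) == known_good_sha256  # hash recorded from a trusted copy

def endpoint_hosts(config_text):
    """Return {endpoint name: host} for every Hub URL in the configuration."""
    hub = json.loads(config_text)["hub"]
    hosts = {}
    for name in ("authEndpoint", "apiBaseUrl"):
        parts = urlsplit(hub[name])
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{name} must be an https URL, got {hub[name]!r}")
        hosts[name] = parts.hostname.lower()
    return hosts

class TofuHostStore:
    """Trust-on-first-contact: a host never seen before needs explicit approval."""
    def __init__(self, trusted=(), approve=lambda host: False):
        self.trusted = set(trusted)
        self.approve = approve  # stands in for the user prompt; the default denies

    def verify(self, host):
        if host in self.trusted:
            return True
        if self.approve(host):  # first contact: remember the host only once approved
            self.trusted.add(host)
            return True
        return False

def may_unlock(config_text, store):
    """Allow unlock only if every Hub endpoint host passes TOFU verification."""
    for name, host in endpoint_hosts(config_text).items():
        if not store.verify(host):
            return False, f"{name} points at untrusted host {host}"
    return True, "all Hub hosts trusted"
```

With the sample configuration and only hub.example.com approved, `may_unlock` refuses and names the API endpoint as the untrusted one; an approval callback that accepts a host records it so later unlocks need no prompt.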