Data Leakage in Cryptomator: A Security Concern for Cloud Storage Solutions
CVE-2026-29110

2.2LOW

Key Information:

Vendor: Cryptomator
Status: Cryptomator
Vendor: CVE Published:; 6 March 2026

🔔 Create Cryptomator Vulnerability Alert

What is CVE-2026-29110?

Cryptomator, a tool designed for encrypting data stored in cloud environments, faced an issue prior to version 1.19.0. In non-debug mode, the application may inadvertently log cleartext paths within its log files, especially when a filesystem request encounters an error such as a missing or corrupted file. This exposure could potentially reveal sensitive metadata about the files retained in a vault, even when the vault is closed. It is important to note that not every filesystem request failure results in path logging. This vulnerability has been addressed in the latest version, which eliminates the risk of such data leakage.

Affected Version(s)

cryptomator < 1.19.0

References

https://github.com/cryptomator/cryptomator/security/advis...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-29110 Data

JSON