Integrity Check Vulnerability in Cryptomator for Android by Cryptomator
CVE-2026-32317
7.6 HIGH
What is CVE-2026-32317?
Cryptomator for Android, a tool for multi-platform transparent client-side encryption, has an integrity check vulnerability that can be exploited to compromise the vault configuration file. This flaw may allow an attacker to perform man-in-the-middle attacks during the Hub key loading process. Specifically, client versions prior to 1.12.3 lacked host authenticity checks for the endpoints defined in the vault configuration file, making it possible to mix legitimate authorization endpoints with malicious API endpoints. This could result in unauthorized token exfiltration when users attempt to unlock Hub-backed vaults in environments susceptible to such tampering. The issue has been addressed in version 1.12.3.
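The kind of host authenticity check described above, as an added example in Python; it is not Cryptomator's code or its actual fix. The field names, host names and the trusted-host set are assumptions: the set is assumed to come from something the user or administrator approved out of band, never from the vault configuration being checked.

```python
from urllib.parse import urlsplit

# Hypothetical field names for the endpoints a Hub vault configuration carries.
ENDPOINT_FIELDS = ("authEndpoint", "tokenEndpoint", "apiBaseUrl")

# Constructed sample data; the hosts are placeholders.
TRUSTED_HOSTS = {"auth.example.com", "hub.example.com"}
GOOD = {
    "authEndpoint": "https://auth.example.com/auth",
    "tokenEndpoint": "https://auth.example.com/token",
    "apiBaseUrl": "https://hub.example.com/api/",
}
# Legitimate authorization endpoints mixed with an API endpoint on another host.
TAMPERED = dict(GOOD, apiBaseUrl="https://hub.example.net/api/")


def endpoint_problems(hub_config, trusted_hosts):
    """Return the reasons to refuse this configuration (empty list = accept)."""
    trusted = {h.lower() for h in trusted_hosts}
    problems = []
    for field in ENDPOINT_FIELDS:
        raw = hub_config.get(field)
        if not isinstance(raw, str) or not raw:
            problems.append(f"{field}: missing")
            continue
        try:
            url = urlsplit(raw)
            url.port  # accessing the port raises ValueError if it is invalid
        except ValueError:
            problems.append(f"{field}: unparsable URL")
            continue
        host = (url.hostname or "").rstrip(".")
        if url.scheme != "https":
            problems.append(f"{field}: scheme is not https")
        # "https://trusted@other/" parses with host "other"; refuse userinfo.
        if url.username is not None or url.password is not None:
            problems.append(f"{field}: userinfo present")
        if host not in trusted:
            problems.append(f"{field}: host {host!r} is not trusted")
    return problems


if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, endpoint_problems(cfg, TRUSTED_HOSTS) or "accepted")
```

The check runs on every endpoint before any token is requested or sent, so a single untrusted host causes the whole configuration to be refused.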
Affected Version(s)
android < 1.12.3
