CVE-2026-29110 Overview
CVE-2026-29110 is an Information Leakage vulnerability affecting Cryptomator, a client-side encryption application designed to protect data stored on cloud infrastructure. Prior to version 1.19.0, Cryptomator may inadvertently leak cleartext paths into log files when operating in non-debug mode. This information exposure can reveal metadata about files stored inside an encrypted vault, even when the vault is closed.
Critical Impact
Cleartext file paths may be exposed in application logs, potentially revealing sensitive information about encrypted vault contents to unauthorized parties with local system access.
Affected Products
- Cryptomator versions prior to 1.19.0
Discovery Timeline
- 2026-03-06 - CVE CVE-2026-29110 published to NVD
- 2026-03-09 - Last updated in NVD database
Technical Details for CVE-2026-29110
Vulnerability Analysis
This vulnerability falls under CWE-209 (Generation of Error Message Containing Sensitive Information). The core issue lies in Cryptomator's error handling mechanism, which logs cleartext file paths when filesystem operations fail. This can occur under various conditions such as encountering a damaged encrypted file or attempting to access a non-existent file within the vault.
The attack requires local access to the system where Cryptomator logs are stored. An attacker would need to gain access to the log files to exploit this vulnerability. While not every cleartext path is logged, failed filesystem requests trigger the creation of log messages that may contain sensitive path information. This information disclosure could reveal the organizational structure and file naming conventions used within supposedly encrypted vaults.
Root Cause
The root cause stems from improper error handling in Cryptomator's logging mechanism. When filesystem operations fail, the application generates log entries that include cleartext path information rather than sanitized or encrypted representations. This violates the principle of minimal information disclosure in error handling, particularly problematic for an encryption-focused application where path metadata should remain confidential.
Attack Vector
This vulnerability requires local system access. An attacker with access to the filesystem where Cryptomator stores its log files could potentially extract metadata about encrypted vault contents. The attack scenario involves:
- Gaining local access to a system running Cryptomator
- Locating and accessing Cryptomator log files
- Analyzing log entries for cleartext path information leaked during filesystem errors
- Correlating path metadata to understand vault structure and file naming
The vulnerability manifests during error conditions in filesystem operations. When a request fails due to reasons such as file corruption or missing files, the error logging mechanism captures cleartext path information that reveals metadata about the encrypted vault contents. For detailed technical information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-29110
Indicators of Compromise
- Presence of cleartext file paths in Cryptomator log files
- Unauthorized access attempts to log directories where Cryptomator stores application logs
- Evidence of log file exfiltration or copying on systems running vulnerable Cryptomator versions
Detection Strategies
- Monitor access to Cryptomator log file directories for unusual or unauthorized read operations
- Implement file integrity monitoring on log directories to detect potential tampering or extraction
- Review installed Cryptomator version across endpoints to identify vulnerable installations
Monitoring Recommendations
- Configure endpoint detection to alert on bulk log file access patterns
- Implement log rotation and secure deletion policies for Cryptomator logs
- Monitor for lateral movement attempts targeting user directories containing application logs
How to Mitigate CVE-2026-29110
Immediate Actions Required
- Upgrade Cryptomator to version 1.19.0 or later immediately
- Review existing log files for sensitive cleartext path information and securely delete if found
- Restrict file system permissions on Cryptomator log directories to limit access
Patch Information
This vulnerability has been patched in Cryptomator version 1.19.0. Users should update to this version or later to remediate the information leakage issue. The fix ensures that cleartext paths are no longer logged during filesystem operation failures. For additional details, see the GitHub Security Advisory.
Workarounds
- Implement strict file system permissions to prevent unauthorized access to Cryptomator log files
- Regularly purge or securely delete log files to minimize exposure window
- Consider enabling disk encryption on the volume containing Cryptomator logs to provide an additional layer of protection
# Secure log directory permissions (Linux/macOS example)
chmod 700 ~/.local/share/Cryptomator/logs
# Securely delete existing log files
find ~/.local/share/Cryptomator/logs -type f -name "*.log" -exec shred -u {} \;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
