CVE-2026-32318 Overview
Cryptomator for iOS, a multi-platform transparent client-side encryption solution for cloud files, contains an integrity check vulnerability in versions prior to 2.8.3. The flaw exists in the Hub key loading mechanism where the client fails to perform host authenticity checks on endpoints specified in the vault configuration file. This allows an attacker who can modify the vault.cryptomator file to conduct man-in-the-middle attacks by mixing legitimate authentication endpoints with malicious API endpoints, potentially leading to token exfiltration.
Critical Impact
Users unlocking Hub-backed vaults with affected client versions in environments where attackers can alter the vault configuration file may have their authentication tokens exfiltrated through malicious API endpoint injection.
Affected Products
- Cryptomator for iOS versions prior to 2.8.3
- Apple iPhone OS (running vulnerable Cryptomator versions)
- Cryptomator Hub-backed vault configurations
Discovery Timeline
- 2026-03-20 - CVE-2026-32318 published to NVD
- 2026-03-26 - Last updated in NVD database
Technical Details for CVE-2026-32318
Vulnerability Analysis
This vulnerability stems from a lack of proper origin validation (CWE-346) in the Cryptomator iOS application's Hub key loading mechanism. When a user attempts to unlock a Hub-backed vault, the client reads configuration data from the vault.cryptomator file, which contains endpoint URLs for authentication and API services. Prior to the fix, the application implicitly trusted these endpoint configurations without verifying that the API endpoint belonged to the same trusted host as the authentication endpoint.
An attacker who gains the ability to modify the vault configuration file—whether through a compromised cloud storage account, network interception, or local file system access—could inject a malicious API endpoint while preserving the legitimate authentication endpoint. When the user authenticates through the legitimate service, the authentication token would then be sent to the attacker-controlled API endpoint, enabling token theft.
Root Cause
The root cause is insufficient host authenticity validation in the vault configuration parsing logic. The application separated the handling of authentication endpoints and API endpoints without enforcing that both must resolve to the same trusted host. This design flaw created an Origin Validation Error (CWE-346) where mixed endpoint configurations were accepted without verification, allowing token redirection attacks.
Attack Vector
The attack requires network access and the ability to modify the victim's vault.cryptomator configuration file. The attack proceeds as follows; the attacker:
- Preserves the legitimate Hub authentication endpoint to appear trustworthy
- Substitutes the API endpoint with an attacker-controlled server
- Waits for the victim to authenticate against the legitimate auth service
- Captures the authentication token when the client sends it to the malicious API endpoint
The attack complexity is high, as it requires the attacker either to have write access to the vault configuration file stored in the user's cloud storage or to intercept and modify it during transmission.
Detection Methods for CVE-2026-32318
Indicators of Compromise
- Unexpected modifications to vault.cryptomator files in cloud storage
- Vault configuration files containing mismatched authentication and API endpoint domains
- Unusual outbound network connections from Cryptomator to unknown hosts during vault unlock operations
- Authentication tokens appearing in network traffic to non-Cryptomator domains
Detection Strategies
- Monitor file integrity of vault.cryptomator configuration files for unauthorized changes
- Implement network traffic analysis to detect authentication token transmission to non-whitelisted endpoints
- Review cloud storage access logs for suspicious modifications to Cryptomator vault configurations
- Deploy endpoint detection rules for Cryptomator processes connecting to unfamiliar external hosts
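The root cause above (auth and API endpoints accepted without checking that they share a trusted host) and the "mismatched authentication and API endpoint domains" indicator can be checked offline over a vault configuration file. The following is an added example written for this advisory, not code from the Cryptomator project; it assumes a vault.cryptomator laid out as a JWT whose header carries a `hub` object with `authEndpoint` and `apiBaseUrl` fields (the field names and the sample values are assumptions, and the signature is a placeholder, so this is a detection aid rather than a verifier of the real file format).

```python
import base64
import json
from urllib.parse import urlsplit


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64url_decode(s: str) -> bytes:
    # Re-add the padding that base64url strips before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_vault_config(auth_endpoint: str, api_base_url: str) -> str:
    """Build a constructed vault.cryptomator-style token (header.payload.signature).

    The 'hub' header fields are assumed names for this example; the signature
    is a placeholder, since only the unsigned header is inspected here.
    """
    header = {"typ": "JWT", "alg": "HS256",
              "hub": {"authEndpoint": auth_endpoint, "apiBaseUrl": api_base_url}}
    payload = {"format": 8, "shorteningThreshold": 220, "cipherCombo": "SIV_GCM"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()), "placeholder-sig"])


def hub_endpoints(vault_config: str) -> dict:
    """Return the 'hub' object from the token header (assumed layout)."""
    header = json.loads(_b64url_decode(vault_config.split(".")[0]))
    return header["hub"]


def endpoints_share_origin(auth_endpoint: str, api_base_url: str) -> bool:
    """Both URLs must be https and have the same host and effective port."""
    a, b = urlsplit(auth_endpoint), urlsplit(api_base_url)
    if a.scheme != "https" or b.scheme != "https":
        return False
    return ((a.hostname or "").lower() == (b.hostname or "").lower()
            and (a.port or 443) == (b.port or 443))


def check_vault_config(vault_config: str) -> list:
    """Return findings for a config; an empty list means the endpoints agree."""
    hub = hub_endpoints(vault_config)
    findings = []
    if not endpoints_share_origin(hub["authEndpoint"], hub["apiBaseUrl"]):
        findings.append("auth/API origin mismatch: %s vs %s"
                        % (hub["authEndpoint"], hub["apiBaseUrl"]))
    return findings
```

Run `check_vault_config` over every vault.cryptomator pulled from cloud storage as part of the file-integrity review; any non-empty result is worth treating as a suspected tampered configuration.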
Monitoring Recommendations
- Enable detailed logging for Cryptomator Hub-backed vault operations
- Configure cloud storage auditing to track modifications to vault configuration files
- Set up alerts for network connections from mobile devices to newly observed domains during Cryptomator usage
- Implement certificate pinning validation checks in network monitoring solutions
How to Mitigate CVE-2026-32318
Immediate Actions Required
- Update Cryptomator for iOS to version 2.8.3 or later immediately
- Review vault.cryptomator files for any unauthorized endpoint modifications
- Rotate authentication tokens for Hub-backed vaults if compromise is suspected
- Enable two-factor authentication on cloud storage accounts hosting Cryptomator vaults
Patch Information
The vulnerability has been addressed in Cryptomator for iOS version 2.8.3. The fix introduces host authenticity checks that validate the relationship between authentication endpoints and API endpoints in the vault configuration. Users should update through the App Store to receive the patched version. Technical details of the fix can be reviewed in the GitHub commit and the associated pull request #444.
Workarounds
- Avoid unlocking Hub-backed vaults on untrusted networks until the update is applied
- Verify the integrity of vault.cryptomator files manually before unlocking vaults on affected versions
- Use additional layers of cloud storage security such as access controls and audit logging
- Consider temporarily using local-only vault configurations if Hub functionality is not required
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

