Android Vulnerability (CVE-2026-32317)
Attackers can exfiltrate Cryptomator Hub tokens via CVE-2026-32317 by tampering with vault config files. Update to Cryptomator 1.12.3 immediately.
Vendor-confirmed: CVE-2026-32317 is a high-severity integrity bypass in Cryptomator for Android versions prior to 1.12.3 that lets an attacker exfiltrate user authentication tokens by manipulating the vault configuration file. Update to version 1.12.3 to block the attack.
Overview
A security vulnerability, identified as CVE-2026-32317, has been discovered in Cryptomator for Android. This client-side encryption tool is designed to secure files before they are uploaded to cloud storage services. The flaw is an integrity check failure that could allow an attacker to manipulate the application’s configuration.
Vulnerability Details
In versions prior to 1.12.3, Cryptomator for Android did not properly verify the authenticity of the vault configuration file (vault.cryptomator). This file contains critical settings, including the endpoints used for communicating with Cryptomator Hub, a service for managing vault access keys.
The vulnerability allows an attacker who can modify this configuration file (for example, in a man-in-the-middle attack or by compromising cloud storage) to mix legitimate and malicious server addresses. Specifically, they could point the app to a legitimate authentication endpoint but a malicious API endpoint. This broken trust chain could lead to the exfiltration of user authentication tokens when unlocking a Hub-backed vault.
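The mixed-endpoint condition described above can be audited from the defender's side. The following is an added example, not Cryptomator's code or its fix: it compares every Hub endpoint from an already-parsed config against origins pinned out of band. The key names, hosts and the pinning approach are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: Hub settings as they might look after parsing a vault
# config. Key names and hosts are hypothetical, not taken from the advisory.
TAMPERED = {
    "authEndpoint": "https://hub.example.org/auth",    # left legitimate
    "tokenEndpoint": "https://hub.example.org/token",  # left legitimate
    "apiBaseUrl": "https://collector.invalid/api/",    # swapped by the attacker
}
# Assumption: the operator knows the real Hub origin from a trusted channel.
PINNED_ORIGINS = {("https", "hub.example.org", 443)}


def origin(url):
    """Return (scheme, host, port), or None if the URL must not be trusted."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo before '@' can disguise the real host
    return (parts.scheme, parts.hostname.rstrip(".").lower(), port or 443)


def audit_hub_endpoints(settings, pinned):
    """Map each endpoint key to a finding; an empty dict means all are pinned."""
    findings = {}
    for key, url in settings.items():
        parsed = origin(url)
        if parsed is None:
            findings[key] = "rejected: not a plain https URL"
        elif parsed not in pinned:
            findings[key] = f"unpinned host: {parsed[1]}:{parsed[2]}"
    return findings


if __name__ == "__main__":
    for key, why in audit_hub_endpoints(TAMPERED, PINNED_ORIGINS).items():
        print(f"{key}: {why}")
```

Checking every endpoint against the same pinned set is what catches the mix: a config whose authentication endpoint is genuine still fails if any other endpoint points elsewhere.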
Impact and Severity
This vulnerability is rated HIGH with a CVSS score of 7.6. The primary risk is to users who unlock vaults linked to Cryptomator Hub using the affected Android client.
Successful exploitation could allow an attacker to steal a user’s token. This token could potentially be used to gain unauthorized access to the user’s encrypted vaults stored in the cloud. The attack requires the attacker to be in a position to alter the vault.cryptomator file, which limits some attack scenarios but remains a significant threat in untrusted network environments or if cloud storage credentials are compromised.
Remediation and Mitigation
The vendor has released a patch in Cryptomator for Android version 1.12.3. All users must update their application to this version immediately via the Google Play Store.
Action Required:
- Open the Google Play Store on your Android device.
- Search for “Cryptomator” or go to your list of installed apps.
- If an update is available for Cryptomator, apply it. Ensure the app version is 1.12.3 or later.
- No further action is required post-update; the fix automatically enforces proper host authenticity checks.
Until the update is applied, users should exercise caution when unlocking Hub-backed vaults on untrusted networks, such as public Wi-Fi.
Broader Security Context
Configuration and integrity vulnerabilities are a common attack vector. Recently, other high-profile flaws have involved trust failures in system components, such as the one covered in "Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access". Similarly, issues in web platforms, like those in "New ‘LeakyLooker’ Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries", and in browser extensions, as seen in "New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel", highlight the importance of rigorous validation mechanisms across all software.