PT-2026-26660 · Cryptomator · Cryptomator for iOS

Leekiyoon-Sec · Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-32318

CVSS v3.1: 7.6 High

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cryptomator for iOS versions prior to 2.8.3

Description

Cryptomator for iOS provides client-side encryption for files in the cloud. A flaw in integrity checks allows tampering with the vault configuration file, potentially leading to a man-in-the-middle attack during the Hub key loading process. Previously, the client trusted endpoints from the vault configuration without verifying host authenticity, which could allow an attacker to steal authentication tokens by substituting a legitimate authentication endpoint with a malicious API endpoint. The issue impacts users unlocking Hub-backed vaults with vulnerable client versions in environments where an attacker can modify the vault.cryptomator file.

Recommendations

Update to version 2.8.3 or later.
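
The class of check the description says was missing, sketched as an added example: it is not Cryptomator's code and not the fix shipped in 2.8.3. It assumes the client holds a set of pinned origins (for example, confirmed by the user when the vault was added) and compares every endpoint read from the untrusted configuration against them before any token is sent. The field names `authEndpoint`, `tokenEndpoint` and `apiBaseUrl` and all hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical field names for the Hub section of a vault configuration.
ENDPOINT_FIELDS = ("authEndpoint", "tokenEndpoint", "apiBaseUrl")


def origin_of(url):
    """Return (scheme, host, port) with default ports filled in, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # reject userinfo such as "https://trusted-host@other-host/"
    default = {"https": 443, "http": 80}.get(parts.scheme.lower())
    return (parts.scheme.lower(), parts.hostname.lower().rstrip("."), port or default)


def check_hub_endpoints(hub_section, trusted_origins):
    """Return a list of problems; an empty list means every endpoint is on a pinned origin."""
    pinned = {origin_of(o) for o in trusted_origins}
    problems = []
    for field in ENDPOINT_FIELDS:
        value = hub_section.get(field)
        origin = origin_of(value) if isinstance(value, str) else None
        if origin is None:
            problems.append(f"{field}: missing or malformed URL")
        elif origin[0] != "https":
            problems.append(f"{field}: not HTTPS")
        elif origin not in pinned:
            problems.append(f"{field}: untrusted host {origin[1]}")
    return problems


# Constructed sample data (not taken from a real vault).
TRUSTED = ["https://hub.example.org", "https://auth.example.org"]
GOOD = {"authEndpoint": "https://auth.example.org/realms/hub/auth",
        "tokenEndpoint": "https://auth.example.org/realms/hub/token",
        "apiBaseUrl": "https://hub.example.org/api/"}
TAMPERED = dict(GOOD, tokenEndpoint="https://auth.example.org.attacker.test/token")

if __name__ == "__main__":
    print(check_hub_endpoints(GOOD, TRUSTED))
    print(check_hub_endpoints(TAMPERED, TRUSTED))
```

The comparison is on the parsed origin rather than a string prefix, so a host that merely begins with a trusted name, or a URL that hides the real host behind userinfo, does not pass.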

Exploit

Fix

UI Misrepresentation of Critical Information

Origin Validation Error

Weakness Enumeration

Related Identifiers

CVE-2026-32318
GHSA-G7FR-C82R-HM6J

Affected Products

Cryptomator for iOS