Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Cryptomator Leaks Cloud Data Paths in Log Files Before Version 1.19.0
CVE-2026-29110
Summary
Using Cryptomator before version 1.19.0 might put your cloud-stored data at risk if an attacker gains access to your log files. This could happen if a file you store in Cryptomator is damaged or can't be accessed, causing Cryptomator to log the file path. To keep your data safe, update to version 1.19.0 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cryptomator | cryptomator | <= 1.19.0 | – |
Original title
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information...
Original description
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file, not existing file), a log message is created. This issue has been patched in version 1.19.0.
nvd CVSS3.1
2.2
Vulnerability type
CWE-209
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026