CLEANSTART-2026-JO51351 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-pc3f-x583-g7j2 applied in versions: 1.18.0-r0, 1.19.0-r0, 1.19.1-r0, 1.19.1-r1

Multiple security vulnerabilities affect the percona-xtradb-cluster-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-RH99-WC69-C255 Contras Affected by CopyFile Policy Subversion via Symlinks

Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...

CVE-2026-33472

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...

EUVD-2026-23295

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...

Cryptomator 安全漏洞

Cryptomator is a simple digital self-defense tool within the Cryptomator community. Version 1.19.1 of Cryptomator contains a security vulnerability. This vulnerability stems from a logical flaw in the CheckHostTrustController.getAuthority method, which may allow bypassing security fixes and...

CLEANSTART-2026-DS01292 Security fixes for CVE-2025-47910, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-27141, ghsa-9h8m-3fm2-qjrq applied in versions: 1.19.1-r0, 1.19.2-r0, 1.19.2-r1

Multiple security vulnerabilities affect the cert-manager-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-32310

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

CVE-2026-32309

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

EUVD-2026-13750

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

EUVD-2026-13748

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-32303

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...

CVE-2026-32303

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...

CVE-2026-32303

Cryptomator CVE-2026-32303 affects the client prior to v1.19.1. The issue is an integrity-check vulnerability that lets an attacker tamper with the vault configuration file, triggering a MITM in the Hub key loading mechanism. Before the fix, the client could trust endpoints from vault.config with...

EUVD-2026-13746

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...

Cryptomator 安全漏洞

Cryptomator is a simple digital self-defense tool from the Cryptomator community. Versions of Cryptomator prior to 1.19.1 contained security vulnerabilities. These vulnerabilities stemmed from the unlocking process based on Hub, which did not enforce the use of HTTPS. This could lead to network...

Cryptomator 安全漏洞

Cryptomator is a simple digital self-defense tool from the Cryptomator community. It is used to protect data. Versions of Cryptomator prior to 1.19.1 have security vulnerabilities; these vulnerabilities stem from integrity-checking flaws, which can lead to man-in-the-middle attacks and token leak...