Information Exposure Through an Error Message in Cryptomator - CVE-2026-29110
Published: April 20, 2026
Cryptomator
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to generation of error messages containing sensitive information in the log file handling when processing failed filesystem requests. A local user can trigger a filesystem request failure to disclose sensitive information.
Only some cleartext paths are logged, and this occurs only when a filesystem request fails, such as for a damaged encrypted file or a non-existing file. User interaction is required.