1. Cryptomator Hub OAuth Token Exchange HTTP Downgrade Bypass Exposed (CVE-2026-32303)
A critical logic flaw in Cryptomator Hub's OAuth flow allows attackers to bypass a previous security fix and force a downgrade to plaintext HTTP, exposing user access tokens. The vulnerability, tracked as CVE-2026-33472, resides in the `CheckHostTrustController.getAuthority()` method of version 1.19.1. This method inco...