Vulnerability Found – Patch Available
Security patch notification.
Preview
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en"><head><link rel="preload" as="image" href="/static/company-logo.png"/><link rel="preload" as="image" href="/static/images/library/business-data-dashboard.png"/><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"/><meta name="x-apple-disable-message-reformatting"/><style></style><style>
@font-face {
font-family: 'Inter';
font-style: normal;
font-weight: 400;
mso-font-alt: 'Arial';
src: url(https://fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiJ-Ek-_EeA.woff2) format('woff2');
}
* {
font-family: 'Inter', Arial;
}
</style><style>
@font-face {
font-family: 'Inter';
font-style: normal;
font-weight: 700;
mso-font-alt: 'Arial';
src: url(https://fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuI6fAZ9hiJ-Ek-_EeA.woff2) format('woff2');
}
* {
font-family: 'Inter', Arial;
}
</style></head><body style="background-color:#f9fafb;margin:0"><!--$--><!--html--><div style="display:none;overflow:hidden;line-height:1px;opacity:0;max-height:0;max-width:0" data-skip-in-text="true">Action required: A security patch is ready for your CloudSync account. Install it in just 2 clicks and stay protected.<div> </div></div><!--head--><!--body--><table border="0" width="100%" cellPadding="0" cellSpacing="0" role="presentation" align="center"><tbody><tr><td style="background-color:#f9fafb;margin:0;padding:0;font-family:Inter, Arial, sans-serif"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="max-width:600px;margin:0 auto;background-color:#ffffff"><tbody><tr style="width:100%"><td><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#c2410c;padding:10px 32px"><tbody><tr><td><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column"><img alt="CloudSync logo" height="32" src="/static/company-logo.png" style="display:block;outline:none;border:none;text-decoration:none" width="120"/></td><td align="right" data-id="__react-email-column"><p style="font-size:12px;line-height:32px;color:#fed7aa;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">Security Alert — March 2026</p></td></tr></tbody></table></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background:linear-gradient(135deg, #ea580c 0%, #c2410c 100%);padding:48px 32px 40px"><tbody><tr><td><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column"><p style="font-size:13px;line-height:24px;color:#fed7aa;font-weight:600;letter-spacing:2px;text-transform:uppercase;margin:0 0 12px;margin-top:0;margin-right:0;margin-bottom:12px;margin-left:0">Important Security Notice</p><h1 style="color:#ffffff;font-size:32px;font-weight:700;line-height:1.2;margin:0 0 16px;padding:0">A Security Patch Is Ready for CloudSync Desktop</h1><p style="font-size:16px;line-height:1.6;color:#fed7aa;margin:0 0 28px;margin-top:0;margin-right:0;margin-bottom:28px;margin-left:0">We found a vulnerability in CloudSync Desktop v4.2.1 and earlier. We have already built and tested a fix — and we want to make sure you are protected as quickly as possible. The good news: updating takes less than two minutes.</p><a href="https://cloudsync.app/update/patch-4.2.2" style="line-height:100%;text-decoration:none;display:inline-block;max-width:100%;mso-padding-alt:0px;background-color:#ffffff;color:#c2410c;font-size:15px;font-weight:700;padding:14px 32px;border-radius:6px;padding-top:14px;padding-right:32px;padding-bottom:14px;padding-left:32px" target="_blank"><span><!--[if mso]><i style="mso-font-width:400%;mso-text-raise:21" hidden>    </i><![endif]--></span><span style="max-width:100%;display:inline-block;line-height:120%;mso-padding-alt:0px;mso-text-raise:10.5px">Install Patch</span><span><!--[if mso]><i style="mso-font-width:400%" hidden>    ​</i><![endif]--></span></a></td></tr></tbody></table></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="padding:0;margin:0"><tbody><tr><td><img alt="Security dashboard showing system health and patch status indicators" height="280" src="/static/images/library/business-data-dashboard.png" style="display:block;outline:none;border:none;text-decoration:none;width:100%;height:auto;object-fit:cover" width="600"/></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="padding:40px 32px 32px"><tbody><tr><td><h2 style="color:#1c1917;font-size:22px;font-weight:700;margin:0 0 14px;padding:0">What We Found, and What We Did About It</h2><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 16px;margin-top:0;margin-right:0;margin-bottom:16px;margin-left:0">On March 14, 2026, our internal security team — working alongside an independent researcher from the Vanta Security Collective — identified a privilege-escalation vulnerability in the local file-sync daemon bundled with CloudSync Desktop versions 4.0.0 through 4.2.1. The vulnerability, tracked internally as CVE-2026-CS-0047, could allow a malicious application already running on the same machine to request elevated file-system permissions through the CloudSync daemon without user authorisation.</p><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 16px;margin-top:0;margin-right:0;margin-bottom:16px;margin-left:0">To be clear: this is a local privilege-escalation issue only. It cannot be exploited remotely, and it requires another compromised application to already be present on your device. There is no evidence that any CloudSync customer data was accessed or exfiltrated as a result of this vulnerability. We are sharing this with you because transparency is a core part of how we operate, and because we believe you deserve to know exactly what happened and how we responded.</p><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">Within 36 hours of discovery, our engineering team had a patch written, peer-reviewed, and pushed through our full automated test suite. CloudSync Desktop v4.2.2 is now available and fully resolves the issue. We are asking every CloudSync Desktop user to install this update at their earliest opportunity — ideally today.</p></td></tr></tbody></table><hr style="width:100%;border:none;border-top:1px solid #eaeaea;border-color:#e7e5e4;border-width:1px;margin:0 32px"/><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="padding:32px 32px"><tbody><tr><td><h2 style="color:#1c1917;font-size:22px;font-weight:700;margin:0 0 14px;padding:0">Are You Affected?</h2><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 20px;margin-top:0;margin-right:0;margin-bottom:20px;margin-left:0">You are receiving this email because your account is linked to at least one installation of CloudSync Desktop. Please check the version number in the app by navigating to CloudSync menu and selecting About CloudSync. If your version number is 4.2.1 or lower, you should install the patch immediately.</p><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="margin-bottom:0"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column" style="width:50%;padding-right:8px"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#fff7ed;border-left:4px solid #ea580c;padding:16px;border-radius:4px"><tbody><tr><td><p style="font-size:13px;line-height:24px;color:#c2410c;font-weight:700;letter-spacing:1px;text-transform:uppercase;margin:0 0 8px;margin-top:0;margin-right:0;margin-bottom:8px;margin-left:0">Affected Versions</p><p style="font-size:14px;line-height:1.6;color:#44403c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">CloudSync Desktop v4.0.0 through v4.2.1 on macOS and Windows</p></td></tr></tbody></table></td><td data-id="__react-email-column" style="width:50%;padding-left:8px"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#f0fdf4;border-left:4px solid #16a34a;padding:16px;border-radius:4px"><tbody><tr><td><p style="font-size:13px;line-height:24px;color:#15803d;font-weight:700;letter-spacing:1px;text-transform:uppercase;margin:0 0 8px;margin-top:0;margin-right:0;margin-bottom:8px;margin-left:0">Not Affected</p><p style="font-size:14px;line-height:1.6;color:#44403c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">CloudSync Web, Mobile apps, and Desktop v4.2.2 or later</p></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table><hr style="width:100%;border:none;border-top:1px solid #eaeaea;border-color:#e7e5e4;border-width:1px;margin:0 32px"/><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="padding:32px 32px"><tbody><tr><td><h2 style="color:#1c1917;font-size:22px;font-weight:700;margin:0 0 14px;padding:0">How to Install the Patch in 2 Clicks</h2><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 24px;margin-top:0;margin-right:0;margin-bottom:24px;margin-left:0">We designed this update to be as frictionless as possible. You do not need to uninstall anything, and you will not lose any of your synced files or settings. Here is all you need to do:</p><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="margin-bottom:16px"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column" style="width:48px;vertical-align:top"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#ea580c;border-radius:50%;width:36px;height:36px;text-align:center;padding:0"><tbody><tr><td><p style="font-size:16px;line-height:36px;color:#ffffff;font-weight:700;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">1</p></td></tr></tbody></table></td><td data-id="__react-email-column" style="vertical-align:top"><p style="font-size:15px;line-height:24px;color:#1c1917;font-weight:700;margin:0 0 4px;margin-top:0;margin-right:0;margin-bottom:4px;margin-left:0">Click the button below or open CloudSync on your desktop</p><p style="font-size:14px;line-height:1.6;color:#78716c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">A notification banner will already be visible at the top of the app window prompting you to update. You can also click Install Patch in this email to go directly to the download page.</p></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="margin-bottom:16px"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column" style="width:48px;vertical-align:top"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#ea580c;border-radius:50%;width:36px;height:36px;text-align:center;padding:0"><tbody><tr><td><p style="font-size:16px;line-height:36px;color:#ffffff;font-weight:700;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">2</p></td></tr></tbody></table></td><td data-id="__react-email-column" style="vertical-align:top"><p style="font-size:15px;line-height:24px;color:#1c1917;font-weight:700;margin:0 0 4px;margin-top:0;margin-right:0;margin-bottom:4px;margin-left:0">Click Install Update and confirm</p><p style="font-size:14px;line-height:1.6;color:#78716c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">The installer will download the 18 MB patch, verify its cryptographic signature, apply the fix, and restart the daemon automatically. Your files stay exactly where they are throughout the entire process.</p></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="margin-bottom:28px"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column" style="width:48px;vertical-align:top"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#16a34a;border-radius:50%;width:36px;height:36px;text-align:center;padding:0"><tbody><tr><td><p style="font-size:16px;line-height:36px;color:#ffffff;font-weight:700;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">3</p></td></tr></tbody></table></td><td data-id="__react-email-column" style="vertical-align:top"><p style="font-size:15px;line-height:24px;color:#1c1917;font-weight:700;margin:0 0 4px;margin-top:0;margin-right:0;margin-bottom:4px;margin-left:0">You are fully protected</p><p style="font-size:14px;line-height:1.6;color:#78716c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">Once the update is complete, CloudSync will display a confirmation message and your version number will read 4.2.2. That is it — you are done and fully protected.</p></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="text-align:center;padding:8px 0 0"><tbody><tr><td><a href="https://cloudsync.app/update/patch-4.2.2" style="line-height:100%;text-decoration:none;display:inline-block;max-width:100%;mso-padding-alt:0px;background-color:#ea580c;color:#ffffff;font-size:16px;font-weight:700;padding:16px 40px;border-radius:6px;padding-top:16px;padding-right:40px;padding-bottom:16px;padding-left:40px" target="_blank"><span><!--[if mso]><i style="mso-font-width:500%;mso-text-raise:24" hidden>    </i><![endif]--></span><span style="max-width:100%;display:inline-block;line-height:120%;mso-padding-alt:0px;mso-text-raise:12px">Install Patch</span><span><!--[if mso]><i style="mso-font-width:500%" hidden>    ​</i><![endif]--></span></a><p style="font-size:13px;line-height:24px;color:#a8a29e;margin:12px 0 0;margin-top:12px;margin-right:0;margin-bottom:0;margin-left:0">Compatible with macOS 12+ and Windows 10/11. No restart of your computer required.</p></td></tr></tbody></table></td></tr></tbody></table><hr style="width:100%;border:none;border-top:1px solid #eaeaea;border-color:#e7e5e4;border-width:1px;margin:0 32px"/><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="padding:32px 32px"><tbody><tr><td><h2 style="color:#1c1917;font-size:22px;font-weight:700;margin:0 0 14px;padding:0">What We Are Doing to Prevent This in the Future</h2><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 16px;margin-top:0;margin-right:0;margin-bottom:16px;margin-left:0">We take incidents like this seriously, even when — as in this case — the risk to customers was low and no data was compromised. Every security event is an opportunity to improve, and we want to share the concrete steps we are taking as a result of this finding.</p><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 16px;margin-top:0;margin-right:0;margin-bottom:16px;margin-left:0">First, we are expanding our internal red-team programme to include quarterly privilege-escalation audits of all desktop daemon processes. Second, we are partnering with two additional independent security research firms to conduct rolling penetration tests throughout 2026. Third, we are launching a formal bug bounty programme in April 2026, open to the global security research community, with rewards of up to $25,000 USD for critical vulnerability disclosures.</p><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0">We will publish a full post-mortem report on our security blog within the next seven days. It will include a detailed technical breakdown of the vulnerability, our remediation timeline, and a roadmap of the structural improvements we are making to our release pipeline. We believe that open, honest communication is the foundation of trust, and we are committed to earning yours every single day.</p></td></tr></tbody></table><hr style="width:100%;border:none;border-top:1px solid #eaeaea;border-color:#e7e5e4;border-width:1px;margin:0 32px"/><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="padding:32px 32px"><tbody><tr><td><h2 style="color:#1c1917;font-size:22px;font-weight:700;margin:0 0 14px;padding:0">Questions? We Are Here to Help</h2><p style="font-size:15px;line-height:1.75;color:#44403c;margin:0 0 16px;margin-top:0;margin-right:0;margin-bottom:16px;margin-left:0">We know that security emails can feel alarming, and we genuinely appreciate your patience and trust. If you have any questions about this vulnerability, the patch, or your account security in general, please do not hesitate to reach out. Our dedicated security support team is available seven days a week and will respond within four business hours.</p><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation"><tbody style="width:100%"><tr style="width:100%"><td data-id="__react-email-column" style="width:50%;padding-right:8px"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#fff7ed;padding:20px;border-radius:6px;text-align:center"><tbody><tr><td><p style="font-size:13px;line-height:24px;color:#c2410c;font-weight:700;letter-spacing:1px;text-transform:uppercase;margin:0 0 6px;margin-top:0;margin-right:0;margin-bottom:6px;margin-left:0">Email Support</p><a href="mailto:security@cloudsync.app" style="color:#ea580c;text-decoration-line:none;font-size:14px;font-weight:600;text-decoration:none" target="_blank">security@cloudsync.app</a></td></tr></tbody></table></td><td data-id="__react-email-column" style="width:50%;padding-left:8px"><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#fff7ed;padding:20px;border-radius:6px;text-align:center"><tbody><tr><td><p style="font-size:13px;line-height:24px;color:#c2410c;font-weight:700;letter-spacing:1px;text-transform:uppercase;margin:0 0 6px;margin-top:0;margin-right:0;margin-bottom:6px;margin-left:0">Live Chat</p><a href="https://cloudsync.app/support/chat" style="color:#ea580c;text-decoration-line:none;font-size:14px;font-weight:600;text-decoration:none" target="_blank">Start a Live Chat</a></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#fff7ed;padding:36px 32px;text-align:center;margin:0 0 0"><tbody><tr><td><p style="font-size:13px;line-height:24px;color:#c2410c;font-weight:700;letter-spacing:2px;text-transform:uppercase;margin:0 0 10px;margin-top:0;margin-right:0;margin-bottom:10px;margin-left:0">Ready to Update?</p><h3 style="color:#1c1917;font-size:20px;font-weight:700;margin:0 0 10px;padding:0">Protect your account in under two minutes</h3><p style="font-size:14px;line-height:1.6;color:#78716c;margin:0 0 24px;margin-top:0;margin-right:0;margin-bottom:24px;margin-left:0">The patch is free, fast, and fully automatic. Click below to get started right now.</p><a href="https://cloudsync.app/update/patch-4.2.2" style="line-height:100%;text-decoration:none;display:inline-block;max-width:100%;mso-padding-alt:0px;background-color:#ea580c;color:#ffffff;font-size:16px;font-weight:700;padding:16px 40px;border-radius:6px;padding-top:16px;padding-right:40px;padding-bottom:16px;padding-left:40px" target="_blank"><span><!--[if mso]><i style="mso-font-width:500%;mso-text-raise:24" hidden>    </i><![endif]--></span><span style="max-width:100%;display:inline-block;line-height:120%;mso-padding-alt:0px;mso-text-raise:12px">Install Patch</span><span><!--[if mso]><i style="mso-font-width:500%" hidden>    ​</i><![endif]--></span></a></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="background-color:#1c1917;padding:32px 32px"><tbody><tr><td><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="margin-bottom:20px"><tbody style="width:100%"><tr style="width:100%"><td align="center" data-id="__react-email-column"><img alt="CloudSync" height="26" src="/static/company-logo.png" style="display:inline-block;outline:none;border:none;text-decoration:none;filter:brightness(0) invert(1);opacity:0.8" width="100"/></td></tr></tbody></table><table align="center" width="100%" border="0" cellPadding="0" cellSpacing="0" role="presentation" style="margin-bottom:20px"><tbody style="width:100%"><tr style="width:100%"><td align="center" data-id="__react-email-column"><a href="https://twitter.com/cloudsync" style="color:#a8a29e;text-decoration-line:none;font-size:13px;text-decoration:none;margin:0 10px" target="_blank">Twitter</a><a href="https://linkedin.com/company/cloudsync" style="color:#a8a29e;text-decoration-line:none;font-size:13px;text-decoration:none;margin:0 10px" target="_blank">LinkedIn</a><a href="https://github.com/cloudsync" style="color:#a8a29e;text-decoration-line:none;font-size:13px;text-decoration:none;margin:0 10px" target="_blank">GitHub</a><a href="https://cloudsync.app/blog/security" style="color:#a8a29e;text-decoration-line:none;font-size:13px;text-decoration:none;margin:0 10px" target="_blank">Security Blog</a></td></tr></tbody></table><hr style="width:100%;border:none;border-top:1px solid #eaeaea;border-color:#44403c;border-width:1px;margin:0 0 20px"/><p style="font-size:12px;line-height:1.6;color:#78716c;text-align:center;margin:0 0 8px;margin-top:0;margin-right:0;margin-bottom:8px;margin-left:0">CloudSync Inc. — 340 Pine Street, Suite 800, San Francisco, CA 94104</p><p style="font-size:12px;line-height:1.6;color:#78716c;text-align:center;margin:0 0 8px;margin-top:0;margin-right:0;margin-bottom:8px;margin-left:0">You are receiving this email because your account at cloudsync.app requires this important security notification.</p><p style="font-size:12px;line-height:24px;color:#78716c;text-align:center;margin:0;margin-top:0;margin-bottom:0;margin-left:0;margin-right:0"><a href="https://cloudsync.app/privacy" style="color:#a8a29e;text-decoration-line:none;text-decoration:underline" target="_blank">Privacy Policy</a> <!-- --> | <!-- --> <a href="https://cloudsync.app/terms" style="color:#a8a29e;text-decoration-line:none;text-decoration:underline" target="_blank">Terms of Service</a> <!-- --> | <!-- --> <a href="https://cloudsync.app/unsubscribe" style="color:#a8a29e;text-decoration-line:none;text-decoration:underline" target="_blank">Unsubscribe</a></p><p style="font-size:11px;line-height:24px;color:#57534e;text-align:center;margin:16px 0 0;margin-top:16px;margin-right:0;margin-bottom:0;margin-left:0">Copyright 2026 CloudSync Inc. All rights reserved.</p></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table><!--/$--></body></html>