
16 matches found

Vulnrichment
added 2026/05/15 8:48 a.m. | 4 views

CVE-2026-44088 Remote Code Execution in SzafirHost

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6 CVSS | 6.4 AI score | 0.00442 EPSS
Exploits 0 | References 2
CVE
added 2026/05/15 8:48 a.m. | 7 views

CVE-2026-44088

SzafirHost is affected by a remote code execution vulnerability where the code verifies the signature of a downloaded JAR with JarInputStream (from the file start) but loads classes using JarFile/URLClassLoader (reading from the end of the Central Directory). An attacker can combine a genuine, si...

8.6 CVSS | 6.4 AI score | 0.00442 EPSS
Exploits 0 | References 2
Cvelist
added 2026/05/15 8:48 a.m. | 32 views

CVE-2026-44088 Remote Code Execution in SzafirHost

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6 CVSS | 0.00442 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/15 12:0 a.m. | 5 views

Krajowa Izba Rozliczeniowa SzafirHost Code Issue Vulnerability

Krajowa Izba Rozliczeniowa SzafirHost is an electronic signature server component developed by the Polish company Krajowa Izba Rozliczeniowa. It provides certificate management and signature processing capabilities. Versions of Krajowa Izba Rozliczeniowa SzafirHost prior to 1.2.1 had code...

8.6 CVSS | 6.2 AI score | 0.00442 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/04/03 4:59 p.m. | 3 views

CVE-2026-26928

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

8.7 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 1
EUVD
added 2026/04/02 3:31 p.m. | 6 views

EUVD-2026-18229

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

8.7 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 3
EUVD
added 2026/04/02 3:31 p.m. | 1 views

EUVD-2026-18228

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1 CVSS | 6.2 AI score | 0.00016 EPSS
Exploits 0 | References 3
NVD
added 2026/04/02 2:16 p.m. | 1 views

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1 CVSS | 0.00016 EPSS
Exploits 0 | References 2
Cvelist
added 2026/04/02 2:1 p.m. | 17 views

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

8.7 CVSS | 0.00009 EPSS
Exploits 0 | References 2
CVE
added 2026/04/02 2:1 p.m. | 14 views

CVE-2026-26928

CVE-2026-26928 affects SzafirHost. The vulnerability arises because the application does not verify the hash or the vendor’s digital signature for uploaded DLL/SO/JNILIB/DYLIB files, while JARs are checked. An attacker can supply a malicious dynamic library that is saved in the user’s temp folder...

8.7 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/04/02 2:1 p.m. | 3 views

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1 CVSS | 6.2 AI score | 0.00016 EPSS
Exploits 0 | References 3
Cvelist
added 2026/04/02 2:1 p.m. | 20 views

CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1 CVSS | 0.00016 EPSS
Exploits 0 | References 2
CVE
added 2026/04/02 2:1 p.m. | 11 views

CVE-2026-26927

CVE-2026-26927 affects Szafir SDK Web and SzafirHost usage: Szafir SDK Web can launch SzafirHost with arbitrary arguments by exploiting an unvalidated document_base_url shown in the confirmation prompt. An unauthenticated attacker can craft a site to initiate the host, and if the user confirms (w...

5.1 CVSS | 6.2 AI score | 0.00016 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/04/02 2:1 p.m. | 1 views

CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1 CVSS | 6.2 AI score | 0.00016 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/04/02 12:0 a.m. | 3 views

PT-2026-29742

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

8.7 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/02 12:0 a.m. | 6 views

Krajowa Izba Rozliczeniowa SzafirHost Security Vulnerability

Krajowa Izba Rozliczeniowa SzafirHost is an electronic signature server component developed by the Polish company Krajowa Izba Rozliczeniowa. It provides certificate management and signature processing capabilities. Versions of Krajowa Izba Rozliczeniowa SzafirHost prior to 1.1.0 contained securi...

8.7 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 2