Description
SzafirHost downloads the files it needs in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified against a list of trusted file hashes, and a file not on that list is checked for a digital signature from the vendor. The application does not verify the hash or the vendor's digital signature of a downloaded DLL, SO, JNILIB or DYLIB file. An attacker can provide a malicious file which will be saved in the user's /temp folder and executed by the application.

This issue was fixed in version 1.1.0.
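The gap the description names is a policy asymmetry: JARs pass through a hash allowlist with a vendor-signature fallback, native libraries pass through nothing. The following is an added example written for this page, not SzafirHost's own code; all names (verify_update_legacy, verify_update, stage_update, the HMAC stand-in for the vendor's signature check, and the sample bytes) are constructed for illustration. It models the pre-1.1.0 behaviour as the advisory describes it beside a hardened policy that runs every loadable artifact through the same hash-then-signature check before it is written to a staging directory.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Callable, FrozenSet

# Hypothetical constants for this example; SzafirHost's real internals are not on the page.
NATIVE_SUFFIXES = frozenset({".dll", ".so", ".jnilib", ".dylib"})
VERIFIED_SUFFIXES = NATIVE_SUFFIXES | {".jar"}

# Signature check callback: (file bytes, detached signature) -> bool
SignatureCheck = Callable[[bytes, bytes], bool]


class UntrustedUpdateError(Exception):
    """Raised when a downloaded update file fails every trust check."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hash_then_signature(data: bytes, signature: bytes,
                         trusted_hashes: FrozenSet[str], signature_ok: SignatureCheck) -> str:
    """Shared trust check: pinned hash first, vendor signature as the fallback."""
    digest = sha256_hex(data)
    if digest in trusted_hashes:
        return "hash-allowlist"
    if signature and signature_ok(data, signature):
        return "vendor-signature"
    raise UntrustedUpdateError(f"sha256 {digest[:16]}... is not trusted and no valid vendor signature")


def verify_update_legacy(name: str, data: bytes, signature: bytes,
                         trusted_hashes: FrozenSet[str], signature_ok: SignatureCheck) -> str:
    """Policy as the advisory describes pre-1.1.0: only JARs are checked (CWE-354 gap)."""
    if Path(name).suffix.lower() != ".jar":
        return "unverified"  # a native library would be written to temp and loaded as-is
    return _hash_then_signature(data, signature, trusted_hashes, signature_ok)


def verify_update(name: str, data: bytes, signature: bytes,
                  trusted_hashes: FrozenSet[str], signature_ok: SignatureCheck) -> str:
    """Hardened policy: JARs and native libraries get the same check; anything else is refused."""
    suffix = Path(name).suffix.lower()
    if suffix not in VERIFIED_SUFFIXES:
        raise UntrustedUpdateError(f"{name}: unexpected update file type {suffix!r}")
    return _hash_then_signature(data, signature, trusted_hashes, signature_ok)


def stage_update(name: str, data: bytes, signature: bytes, trusted_hashes: FrozenSet[str],
                 signature_ok: SignatureCheck, staging_dir: Path) -> Path:
    """Verify first, then write: an unverified library never reaches the filesystem."""
    verify_update(name, data, signature, trusted_hashes, signature_ok)
    target = staging_dir / Path(name).name  # basename only: no path traversal via the file name
    target.write_bytes(data)
    return target


# --- constructed demo data; none of this is a real SzafirHost artifact ---
VENDOR_KEY = b"constructed-demo-key"


def demo_vendor_signature_ok(data: bytes, signature: bytes) -> bool:
    """Stand-in for the vendor's code-signing verification (a real check uses the vendor's certificate)."""
    expected = hmac.new(VENDOR_KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


GOOD_DLL = b"MZ constructed native library bytes"
ROGUE_DLL = b"MZ constructed attacker-supplied bytes"
SIGNED_JAR = b"PK constructed jar bytes"
SIGNED_JAR_SIG = hmac.new(VENDOR_KEY, SIGNED_JAR, hashlib.sha256).digest()
TRUSTED_HASHES = frozenset({sha256_hex(GOOD_DLL)})


def run_demo() -> dict:
    """Exercise both policies on the constructed inputs and report each outcome."""
    args = (TRUSTED_HASHES, demo_vendor_signature_ok)
    results = {
        "legacy_rogue_dll": verify_update_legacy("native.dll", ROGUE_DLL, b"", *args),
        "hardened_known_dll": verify_update("native.dll", GOOD_DLL, b"", *args),
        "hardened_signed_jar": verify_update("app.jar", SIGNED_JAR, SIGNED_JAR_SIG, *args),
    }
    try:
        verify_update("native.dll", ROGUE_DLL, b"", *args)
        results["hardened_rogue_dll"] = "accepted"
    except UntrustedUpdateError:
        results["hardened_rogue_dll"] = "rejected"
    with tempfile.TemporaryDirectory() as d:
        staged = stage_update("../native.dll", GOOD_DLL, b"", *args, Path(d))
        results["staged_name"] = staged.name
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The legacy path returns "unverified" for the rogue DLL, which is exactly the load-and-execute outcome the advisory describes; the hardened path rejects it, while the pinned DLL and the signed JAR still pass. Staging uses only the basename so a crafted file name cannot redirect the write outside the staging directory.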
Published: 2026-04-02
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw resides in SzafirHost’s handling of downloaded dynamic libraries. While JAR files are guarded by hash checking and vendor signatures, the software performs no verification for DLL, SO, JNILIB, or DYLIB files. A malicious actor can supply an attacker-controlled library that the application will load and execute, allowing arbitrary code to run with the privileges of the host process. The vulnerability therefore enables a remote attacker to compromise the confidentiality, integrity, and availability of the affected system.

Affected Systems

The issue affects installations of SzafirHost from Krajowa Izba Rozliczeniowa that are running versions earlier than 1.1.0. Any deployment that allows the web context to trigger dynamic library updates without proper validation is subject to this vulnerability.

Risk and Exploitability

With a CVSS score of 8.7 the vulnerability is classified as high severity. The EPSS score is not available, and it is not listed in CISA’s KEV catalog. The attack can be performed remotely by submitting a crafted DLL, SO, JNILIB, or DYLIB through the web interface that initiates library updates. While no public exploit has been detected, the high severity and lack of verification make exploitation likely if the software is deployed in an untrusted environment.

Generated by OpenCVE AI on April 2, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SzafirHost to version 1.1.0 or later.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Krajowa Izba Rozliczeniowa
                                      Krajowa Izba Rozliczeniowa szafirhost
Vendors & Products                    Krajowa Izba Rozliczeniowa
                                      Krajowa Izba Rozliczeniowa szafirhost

Thu, 02 Apr 2026 15:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Apr 2026 14:15:00 +0000

Type         Values Removed   Values Added
Description                   SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application doesn't verify hash or vendor's digital signature of uploaded DLL, SO, JNILIB or DYLIB file. The attacker can provide malicious file which will be saved in users /temp folder and executed by the application. This issue was fixed in version 1.1.0.
Title                         Lack of Dynamic Library Validation in SzafirHost
Weaknesses                    CWE-354
References
Metrics                       cvssV4_0
                              {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Krajowa Izba Rozliczeniowa Szafirhost
MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-04-02T14:21:50.711Z

Reserved: 2026-02-16T09:01:03.143Z

Link: CVE-2026-26928

Vulnrichment

Updated: 2026-04-02T14:21:42.248Z

NVD

Status: Received

Published: 2026-04-02T14:16:26.077

Modified: 2026-04-02T14:16:26.077

Link: CVE-2026-26928

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:21:04Z

Weaknesses