CVE 8.6 HIGH

Remote Code Execution in SzafirHost_CVE-2026-44088

May 15, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.

This issue was fixed in version 1.2.1.

AI Analysis

Remote code execution vulnerability in SzafirHost due to signature verification bypass

Basic Information

ID CVE-2026-44088

Source CERT-PL

Published May 15, 2026 at 08:48

Affected Product

Vendor Krajowa Izba Rozliczeniowa

Product SzafirHost

Affected Versions Krajowa Izba Rozliczeniowa SzafirHost 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Krajowa Izba Rozliczeniowa

Product SzafirHost

References

{
    "lastseen": "",
    "description": "SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.\n\n\nThis issue was fixed in version 1.2.1.",
    "published": "2026-05-15T08:48:11.694Z",
    "modified": "2026-05-15T08:48:11.694Z",
    "type": "cve",
    "title": "Remote Code Execution in SzafirHost",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/05/CVE-2026-44088\nhttps://www.elektronicznypodpis.pl/",
    "id": "CVE-2026-44088",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Krajowa Izba Rozliczeniowa SzafirHost 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SzafirHost",
    "version": "0",
    "vendor": "Krajowa Izba Rozliczeniowa",
    "ai_description": "Remote code execution vulnerability in SzafirHost due to signature verification bypass",
    "ai_severity": "High",
    "ai_vendor": "Krajowa Izba Rozliczeniowa",
    "ai_product": "SzafirHost",
    "ai_version": "0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply