CVE 9.3 CRITICAL

Improper Certificate Verification in Szafir SDK_CVE-2026-9058

May 25, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation.

This issue was fixed in version 463.

AI Analysis

Improper certificate verification in Szafir SDK enables authentication bypass and user impersonation due to unverified certificate chain

Basic Information

ID CVE-2026-9058

Source CERT-PL

Published May 25, 2026 at 13:23

Affected Product

Vendor Krajowa Izba Rozliczeniowa

Product Szafir SDK

Affected Versions Krajowa Izba Rozliczeniowa Szafir SDK 0

CWE Classification

CWE-637 CWE-393

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Krajowa Izba Rozliczeniowa

Product Szafir SDK

References

{
    "lastseen": "",
    "description": "Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, \"Positively verified\") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == \"nondetermined\"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation.\n\nThis issue was fixed in version 463.",
    "published": "2026-05-25T13:23:09.157Z",
    "modified": "2026-05-25T13:23:09.157Z",
    "type": "cve",
    "title": "Improper Certificate Verification in Szafir SDK",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/05/CVE-2026-9058\nhttps://www.elektronicznypodpis.pl/",
    "id": "CVE-2026-9058",
    "bulletinFamily": "",
    "cwe": [
        "CWE-637",
        "CWE-393"
    ],
    "cvelist": null,
    "sourceData": "Krajowa Izba Rozliczeniowa Szafir SDK 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Szafir SDK",
    "version": "0",
    "vendor": "Krajowa Izba Rozliczeniowa",
    "ai_description": "Improper certificate verification in Szafir SDK enables authentication bypass and user impersonation due to unverified certificate chain",
    "ai_severity": "Critical",
    "ai_vendor": "Krajowa Izba Rozliczeniowa",
    "ai_product": "Szafir SDK",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply