CVE 8.6 HIGH

Remote Code Execution in SzafirHost_CVE-2026-13165

8.6 / 10
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from local file headers). An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as a local-file-header entry between the last legitimate entry and the Central Directory, without adding it to the Central Directory. The signature verifier never sees the injected entry and accepts the archive as validly signed; the extractor reads it sequentially and writes the attacker library to the native temp directory with no hash check), while the archive-size check still passes. This can lead to remote code execution.

This issue was fixed in version 1.2.2.

AI Analysis

Remote code execution vulnerability in SzafirHost due to improper verification of downloaded native library archives

Basic Information

ID CVE-2026-13165
Source CERT-PL
Published Jun 29, 2026 at 12:16
Modified Jun 29, 2026 at 13:58

Affected Product

Vendor Krajowa Izba Rozliczeniowa
Product SzafirHost
Affected Versions Krajowa Izba Rozliczeniowa SzafirHost 0

CWE Classification

AI Assessment

AI Score 8.6 / 10
AI Severity High
Vendor Krajowa Izba Rozliczeniowa
Product SzafirHost
Version < 1.2.2

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.