CVE-2026-26928

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application doesn't verify hash or vendor's digital signature of uploaded DLL, SO, JNILIB or DYLIB file. The attacker can provide malicious file which will be saved in users /temp folder and executed by the application. This issue was fixed in version 1.1.0.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/posts/2026/04/CVE-2026-26927
https://www.elektronicznypodpis.pl/

Configurations

No configuration.

History

02 Apr 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-02 14:16

Updated : 2026-04-03 16:10

NVD link : CVE-2026-26928

Mitre link : CVE-2026-26928

CVE.ORG link : CVE-2026-26928

JSON object : View

Products Affected

No product.

CWE

CWE-354

Improper Validation of Integrity Check Value

{"id": "CVE-2026-26928", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-02T14:16:26.077", "references": [{"url": "https://cert.pl/posts/2026/04/CVE-2026-26927", "source": "cvd@cert.pl"}, {"url": "https://www.elektronicznypodpis.pl/", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "SzafirHost\u00a0downloads necessary files in the context of the initiating web page.\u00a0When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application doesn't verify hash or vendor's digital signature of uploaded\u00a0DLL, SO, JNILIB or DYLIB file. The attacker can provide malicious file which will be saved in users /temp folder\u00a0and executed by the application.\n\nThis issue was fixed in version 1.1.0."}], "lastModified": "2026-04-03T16:10:52.680", "sourceIdentifier": "cvd@cert.pl"}