Which versions of SzafirHost are affected by CVE-2026-44088?

SzafirHost versions prior to 1.2.1 contain a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by bypassing JAR signature verification…. A patch is available.

SzafirHost CVE-2026-44088

Q: What is the CVSS score of CVE-2026-44088?

CVE-2026-44088 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

EUVD-2026-30512 HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-05-15 CERT-PL

GHSA-j8f8-frc5-vgc6

RCE File Upload

8.6

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Patch available

May 15, 2026 - 10:16 EUVD

Analysis Generated

May 15, 2026 - 09:30 vuln.today

CVSS changed

May 15, 2026 - 09:22 NVD

8.6 (HIGH)

CVE Published

May 15, 2026 - 08:48 nvd

HIGH 8.6

DescriptionNVD

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.

This issue was fixed in version 1.2.1.

AnalysisAI

Remote code execution in SzafirHost before 1.2.1 allows unauthenticated attackers to bypass JAR signature verification through a ZIP file smuggling technique. The vulnerability exploits a discrepancy between verification logic (JarInputStream reading from file beginning) and class loading (JarFile/URLClassLoader reading Central Directory from file end), enabling attackers to combine a legitimately signed JAR with malicious classes. …

RemediationAI

Within 24 hours: Identify all SzafirHost instances in your environment and document current versions; disable or restrict access to SzafirHost applications until patched. Within 7 days: Upgrade all SzafirHost deployments to version 1.2.1 or later per vendor advisory. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44088 vulnerability details – vuln.today

Back

SzafirHost CVE-2026-44088

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

SzafirHost CVE-2026-44088

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code