Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.
This issue was fixed in version 1.2.1.
AnalysisAI
Remote code execution in SzafirHost before 1.2.1 allows unauthenticated attackers to bypass JAR signature verification through a ZIP file smuggling technique. The vulnerability exploits a discrepancy between verification logic (JarInputStream reading from file beginning) and class loading (JarFile/URLClassLoader reading Central Directory from file end), enabling attackers to combine a legitimately signed JAR with malicious classes. CERT-PL confirmed this vulnerability, and the vendor released patch version 1.2.1. EPSS data not available, not listed in CISA KEV, requiring user interaction (UI:A) for exploitation.
Technical ContextAI
SzafirHost is a digital signature application from Krajowa Izba Rozliczeniowa (Polish National Clearing House). The vulnerability stems from inconsistent JAR file parsing methods in Java. JarInputStream reads sequentially from the file start, processing manifest and signature data first. However, JarFile and URLClassLoader read the ZIP Central Directory structure located at the file end, which indexes all contained entries. This architectural discrepancy enables a polyglot file attack: an attacker crafts a hybrid file where the beginning contains a validly signed JAR (passing JarInputStream verification), while the Central Directory at the end references malicious class files appended afterward. The class loader reads the malicious Central Directory, loading attacker-controlled bytecode despite successful signature verification. This is a variant of CWE-434 (Unrestricted Upload of File with Dangerous Type) where the dangerous type is a specially crafted polyglot file exploiting parser differentials.
RemediationAI
Upgrade to SzafirHost version 1.2.1 or later, which implements consistent JAR parsing mechanisms for both verification and class loading operations. Download the patched version from the official vendor site at https://www.elektronicznypodpis.pl/ and verify the integrity of the installer before deployment. If immediate patching is not feasible, implement compensating controls: (1) Configure application whitelisting to prevent execution of unsigned or untrusted code paths, accepting some operational friction for users needing to run custom plugins; (2) Deploy endpoint detection rules monitoring for JarFile/URLClassLoader anomalies or polyglot file signatures, though sophisticated attackers may evade signature-based detection; (3) Enforce strict file source restrictions, only allowing JAR files from pre-approved internal repositories with independent signature verification, which significantly limits usability for external document workflows; (4) Isolate SzafirHost execution in sandboxed environments (Windows Sandbox, AppLocker restricted mode, or virtualized desktops) to contain potential code execution, adding deployment complexity. Review CERT-PL advisory at https://cert.pl/posts/2026/05/CVE-2026-44088 for additional vendor guidance and indicators of compromise.
More in Szafirhost
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30512
GHSA-j8f8-frc5-vgc6