
EUVD-2026-18229 | CVE-2026-26928 | HIGH
Improper Validation of Integrity Check Value (CWE-354)
Published 2026-04-02 · cvd@cert.pl
CVSS 4.0 (NVD): 8.7

Severity by source

NVD (primary): 8.7 HIGH
Primary rating from NVD · only source for this CVE.

CVSS 4.0 vector (NVD):
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline (7 events, newest first)

  • Apr 27, 2026 19:37 · vuln.today · Re-analysis Queued (cvss_changed)
  • Apr 16, 2026 06:08 · EUVD-patch-fix · Analysis Updated (executive_summary)
  • Apr 16, 2026 05:29 · backfill_euvd_patch · Re-analysis Queued (patch_released)
  • Apr 16, 2026 05:29 · EUVD · Patch available (1.1.0)
  • Apr 02, 2026 14:22 · euvd · EUVD ID Assigned (EUVD-2026-18229)
  • Apr 02, 2026 14:22 · vuln.today · Analysis Generated
  • Apr 02, 2026 14:16 · nvd · CVE Published (HIGH 8.7)

Description (source: CVE.org)

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application does not verify the hash or the vendor's digital signature of an uploaded DLL, SO, JNILIB or DYLIB file. An attacker can provide a malicious file, which will be saved in the user's /temp folder and executed by the application.

This issue was fixed in version 1.1.0.

Analysis (AI-generated)

Cryptographic verification bypass in SzafirHost (e-signature client software) allows remote attackers to deliver and execute malicious native libraries (DLL/SO/JNILIB/DYLIB) without authentication. While JAR files are hash- and signature-verified during auto-update, native libraries downloaded into the user's /temp folder skip all integrity checks, enabling code execution in the context of the web page initiating the download. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Host malicious DLL/SO/JNILIB file on attacker server
  • Delivery: SzafirHost downloads unverified file
  • Exploit: File saved to /temp folder
  • Execution: Application executes malicious native library
  • Impact: Arbitrary code execution

Vulnerability Assessment (AI-generated)

Exploitation: Remote unauthenticated attacker can exploit SzafirHost versions before 1.1.0 by providing malicious DLL, SO, JNILIB, or DYLIB files during application update. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Real-world risk is moderate-to-high for targeted attacks against Polish digital signature users but low for broad exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker hosts a malicious website or compromises a legitimate site frequented by Polish e-signature users. When a victim with SzafirHost installed visits the page, embedded JavaScript triggers the SzafirHost auto-update mechanism, requesting a native library file. …

Remediation: Upgrade SzafirHost to version 1.1.0 or later, which implements cryptographic hash validation and digital signature verification for native library files matching the existing JAR file controls. … Detailed patch versions, workarounds, and compensating controls in full report.
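The description and the remediation note together describe one verification policy: a downloaded file is accepted if its hash is on a trusted list, otherwise only if it carries a valid vendor signature, and the flaw was that native libraries skipped both checks. The following added example (written for this page, not SzafirHost's own code) models that policy, with `skip_native=True` reproducing the flawed behaviour and the default applying both checks to every file type; the sample bytes, the trusted-hash list and the trailer-marker `demo_signature_ok` stand-in for the vendor's real signature check are all constructed assumptions.

```python
import hashlib
from pathlib import PurePath
from typing import Callable, FrozenSet

# Native-library extensions the pre-1.1.0 update path loaded without checks.
NATIVE_EXTS = frozenset({".dll", ".so", ".jnilib", ".dylib"})


class UpdateRejected(Exception):
    """Raised when a downloaded update artifact fails integrity verification."""


def verify_artifact(name: str, data: bytes, trusted_sha256: FrozenSet[str],
                    vendor_signature_ok: Callable[[bytes], bool],
                    skip_native: bool = False) -> str:
    """Return "hash" or "signature" if the file may be loaded, else raise.
    skip_native=True reproduces the flawed pre-1.1.0 policy (native libraries
    bypass both checks); the default applies both checks to every file type."""
    if skip_native and PurePath(name).suffix.lower() in NATIVE_EXTS:
        return "unverified"  # flawed policy: loaded with no integrity check
    digest = hashlib.sha256(data).hexdigest()
    if digest in trusted_sha256:
        return "hash"
    if vendor_signature_ok(data):
        return "signature"
    raise UpdateRejected(f"{name}: sha256 {digest} not on the trusted list "
                         "and no valid vendor signature")


# Constructed sample inputs (not real SzafirHost artifacts).
KNOWN_JAR = b"constructed contents of a vendor-shipped jar"
SIGNED_DLL = b"constructed vendor-signed native library\x00VENDOR-SIG"
ATTACKER_DLL = b"constructed attacker-supplied native library"
TRUSTED_SHA256 = frozenset({hashlib.sha256(KNOWN_JAR).hexdigest()})


def demo_signature_ok(data: bytes) -> bool:
    """Stand-in for the vendor's real signature check (assumed trailer marker)."""
    return data.endswith(b"\x00VENDOR-SIG")


def accepted(name: str, data: bytes, skip_native: bool = False) -> bool:
    """True if the sample policy above would load the file."""
    try:
        verify_artifact(name, data, TRUSTED_SHA256, demo_signature_ok, skip_native)
        return True
    except UpdateRejected:
        return False


if __name__ == "__main__":
    for fname, blob in [("szafir.jar", KNOWN_JAR), ("lib.dll", SIGNED_DLL),
                        ("evil.dll", ATTACKER_DLL)]:
        print(fname, "flawed:", accepted(fname, blob, True), "fixed:", accepted(fname, blob))
```

Under the flawed policy an unknown, unsigned `.dll` (or `.JNILIB`, since the extension check is case-insensitive) is loaded; under the fixed policy the same bytes are rejected while a vendor-signed library and a known-hash JAR still pass.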

Recommended Action (AI-generated)

Within 24 hours: Identify all systems running SzafirHost and document current versions via inventory or EDR telemetry. …




EUVD-2026-18229 vulnerability details – vuln.today
